Linux Distros Unpatched Vulnerability : CVE-2023-40175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encodin...

Linux Distros Unpatched Vulnerability : CVE-2023-38322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that be triggered with a crafted GET HTTP...

Linux Distros Unpatched Vulnerability : CVE-2023-46846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall...

Linux Distros Unpatched Vulnerability : CVE-2024-11234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and requestfulluri option, the URI is not...

Linux Distros Unpatched Vulnerability : CVE-2024-27982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request...

Linux Distros Unpatched Vulnerability : CVE-2023-30589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling...

Linux Distros Unpatched Vulnerability : CVE-2022-24766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request...

Linux Distros Unpatched Vulnerability : CVE-2024-1135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...

Linux Distros Unpatched Vulnerability : CVE-2022-24801

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in t...

USN-7318-1 spip vulnerabilities

It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. CVE-2022-23638 It was discovered that SPIP did not properly sanitize certain inputs....

Linux Distros Unpatched Vulnerability : CVE-2019-18678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits...

Linux Distros Unpatched Vulnerability : CVE-2014-0099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a...

Linux Distros Unpatched Vulnerability : CVE-2019-16276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVE-2019-16276 Note that Nessus relies on the presence of the package as reported by th...

CVE-2025-1867

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3...

CVE-2025-1867

CVE-2025-1867 concerns the libhv library (up to version 1.3.3) from ithewei, where an issue in the inconsistent interpretation of HTTP requests leads to HTTP Response Smuggling . The mechanism is primarily a root-cause of malformed request/response handling within libhv that can impact all three ...

Linux Distros Unpatched Vulnerability : CVE-2011-3624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers...

CVE-2025-1833

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833

CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...