35 matches found
Important: docker
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
USN-6473-1: urllib3 vulnerabilities
It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-25091 It was discovered that urllib3 didn't...
Vulnerabilities in the net/http and mime/multipart libraries used in the GoLang-based application software of the PPEO “Avora Center” allow attackers to carry out a denial-of-service attack.
The vulnerability of the net/http and mime/multipart libraries used in the GoLang-based application software for the PPEO “Avora Center” involves uncontrolled resource consumption under certain input conditions. Exploiting this vulnerability could allow a remote attacker to execute a type of atta...
Apache JSPWiki < 2.11.0.M5 Multiple Vulnerabilities
Apache JSPWiki is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fix of CVE: CVE-2020-8517, CVE-2021-28651, CVE-2020-15049, CVE-2020-8449, CVE-2020-8450, CVE-2020-24606, CVE-2020-25097, CVE-2020-11945, CVE-2020-14058
CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack - CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-25097: fix improper input validation allowing HTTP smuggling from trusted client -...
CVE-2021-22881
creationtimestamp | type | source
---|---|---
2021-02-11 20:42:39+00:00 | seen | https://t.me/cibsecurity/23449
2026-01-21 08:13:17+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-22881.yaml
2026-01-21 21:03:00+00:00 | seen | ...
Debian DLA-2394-1 : squid3 security update
Several security vulnerabilities have been discovered in Squid, a high-performance proxy caching server for web clients. CVE-2020-15049 An issue was discovered in http/ContentLengthInterpreter.cc in Squid. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client...
Important: Red Hat Security Advisory: nodejs:12 security update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
MGASA-2016-0417 Updated tomcat package fixes security vulnerabilities
The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could...
Oracle Containers for J2EE Multiple Unspecified HTTP Vulnerabilities (April 2014 CPU)
The remote install of Oracle Containers for J2EE is missing a vendor-supplied update. It is, therefore, affected by multiple, unspecified vulnerabilities related to how HTTP requests are handled.
Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities
Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities Title: Embedthis Goahead Webserver multiple DoS vulnerabilities. Author: 0in Maksymilian Motyl Date: 18.02.2014 Version: 3.1.3-0 Software Link: http://embedthis.com/products/goahead/ Download: https://github.com/embedthis/goahead Test...
Google, FireEye Demand Change from Vulna Ad Network
An Android ad library containing a maliciously potent cocktail of features and vulnerabilities is less of a danger to Android users today after Google and the ad network made a series of changes spurred by security firm FireEye’s insistence. Despite fixes from the ad network, updates implemented ...
pluck-xss.txt
---------------------------------------------------------------- Script : Pluck 4.5.2 Type : Multiple Cross Site Scripting Vulnerabilities Alert : Medium ---------------------------------------------------------------- Download From : http://www.pluck-cms.org/downloads/pluck-452.tar.gz...
Macallan Mail Solution < 4.1.1.0 Multiple HTTP Vulnerabilities
Binary data 2482.prm...
Security Advisory: Content Service Switch HTTP Processing Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Content Service Switch HTTP Processing Vulnerabilities Revision 1.0: INTERIM For Public Release 2002 May 15 18:00 GMT - ------------------------------------------------------------------------------- Please provide your feedback on this...