101619 matches found
Astra Linux - уязвимость в symfony
Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. The Symfony HTTP cache system functions as a reverse proxy: it caches entire responses including headers and returns them to clients. In a recent change to the AbstractSessionListener,...
Astra Linux - уязвимость в nodejs
A memory leak could occur when a remote peer abruptly closes the socket without sending a “GOAWAY” notification. Additionally, if an invalid header is detected by nghttp2, causing the connection to be terminated by the peer, the same memory leak will be triggered. This flaw could lead to increase...
Astra Linux - уязвимость в curl
curl 7.84.0 supports “chained” HTTP compression algorithms, which means that a server response can be compressed multiple times, possibly using different algorithms. The number of allowable “links” in this “decompression chain” is unlimited, allowing a malicious server to insert virtually an...
Astra Linux - уязвимость в apache2
A out-of-bounds read vulnerability exists in the modmacro module of the Apache HTTP Server. This issue affects the Apache HTTP Server version up to 2.4.57...
Astra Linux - уязвимость в python2.7, pypy
In Python 3.x versions prior to 3.5.10, 3.6.x versions prior to 3.6.12, 3.7.x versions prior to 3.7.9, and 3.8.x versions prior to 3.8.5, CRLF injection is allowed if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...
Astra Linux - уязвимость в apache2
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
Astra Linux - уязвимость в php8.1
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, and 8.3. before 8.3.14, when using streams with a configured proxy and the “requestfulluri” option, the URI is not properly sanitized. This can lead to HTTP request smuggling, allowing attackers to use the proxy to send arbitrary HTTP reques...
Astra Linux - уязвимость в nodejs
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
Astra Linux - уязвимость в puma
Puma is an HTTP 1.1 server for Ruby/Rack applications. Before versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send a...
Astra Linux - уязвимость в perl
HTTP::Tiny, a Perl core module since version 5.13.9 and available as a standalone package on CPAN, has an insecure default TLS configuration. In this configuration, users are required to explicitly choose to verify certificates...
Astra Linux - уязвимость в jruby
Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...
Astra Linux - уязвимость в golang-golang-x-net
In net/http in Go, before versions 1.18.6 and 1.19.x, and before version 1.19.1, attackers can cause a denial of service because an HTTP/2 connection may become unresponsive during closure, if the shutdown process is interrupted by a fatal error...
Astra Linux - уязвимость в http-parser
HTTP request smuggling in Node.js versions 10, 12, and 13 causes the delivery of malicious payloads when transfer-encoding is malformed...
MAL-2026-4418 Malicious code in @pluxee-connect/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...
Malicious code in @pluxee-connect/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...
Malicious code in ezymail (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea463f516048086ec4acfc2733edc9561dac749d19c2e47381fc170c451cd53c The package advertises itself as a Gmail/SMTP sender library. The README documents that callers pass their SMTP user and pass Gmail App Password to a...
CVE-2026-45232
Rsync
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1672 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1...
FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...