Allocation of Resources Without Limits or Throttling
Overview commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...
The vulnerability of the preview function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client allows a hacker to bypass the Content Security Policy (CSP) protection mechanism.
The vulnerability of the preview function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client is related to a lack of mechanisms for encoding or blocking output data when processing headers. Exploiting this vulnerability could allow an attacker to...
The vulnerability of Nomad application orchestrators, related to incorrect processing of network packet headers, allows attackers to escalate their privileges.
The vulnerability of Nomad application orchestrators is related to incorrect processing of network packet headers. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...
The vulnerability of the PHP programming language interpreter, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the PHP programming language interpreter is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests (an HTTP Request Smuggling attack)...
OESA-2025-1451 etcd security update
Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large...
libsoup code issue vulnerability
libsoup is a GNOME HTTP client/server library from the GNOME Project. A code issue vulnerability exists in libsoup that stems from a null pointer dereference in the function soup_message_headers_get_content_disposition, which could cause a client or server crash...
The vulnerability of the Apache Traffic Server web server, related to defects in the processing of HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the Apache Traffic Server web server is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (an HTTP Request Smuggling attack)...
Stream HTTP wrapper header check might omit basic auth header
...
CVE-2025-1734
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...
The vulnerability of the x-middleware-subrequest header processing mechanism in the Next.js web application development software platform allows attackers to circumvent existing security restrictions.
The vulnerability of the x-middleware-subrequest header processing mechanism in the Next.js web application development software platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by...
Linux Distros Unpatched Vulnerability : CVE-2018-1000027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response...
The vulnerability of the Xerox Workplace Suite server management interface allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Xerox Workplace Suite print server management interface is related to deficiencies in the authentication process when processing Host headers. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerabilities fixed in Cisco AsyncOS Software
Cisco has fixed vulnerabilities in Cisco AsyncOS Software specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...
Security update for apptainer
This update for apptainer fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236528). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
PT-2024-30577 · Sharp +1 · Sharp Mfps +1
Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs (affected versions not specified). Description: The issue is related to the improper processing of HTTP request headers, resulting in an Out-of-bounds Read. Crafted HTTP requests may cause the affected products to cras...
UBUNTU-CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
PT-2024-30610 · Microchip · Timeprovider 4100
Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 and later. Description: The issue is related to a URL Redirection to Untrusted Site ('Open Redirect') vulnerability that allows XSS through HTTP headers. This can lead to security issues, as it enables...
BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. The JWT filter will lead to an Envoy crash when clearing the route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...
CVE-2024-45809
A flaw was found in Envoy. The JWT filter will lead to a crash in Envoy when clearing the route cache with remote JWKs in the following cases: 1. Remote JWKs are used, which requires async header processing 2. clear_route_cache is enabled on the provider 3. Header operations are enabled in the JWT filter,...
The vulnerability of the Pandora FMS system’s monitoring and management interface allows a perpetrator to execute arbitrary SQL queries and gain unauthorized access to protected information.
The vulnerability of the Pandora FMS system’s monitoring and management interface relates to the improper processing of SQL query headers. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries and gain unauthorized access to protected information...