14 matches found
USN-8018-3: Python 2.7 vulnerabilities
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...
CVE-2026-29046
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2019-12822
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...
USN-7814-1 libhtp vulnerabilities
It was discovered that LibHTP did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-23837 It was discovered that LibH...
PT-2025-34047 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version V02.03.01.110 Description: A denial of service issue exists in the HTTP Header Parsing functionality. A series of specially crafted HTTP requests can cause a reboot. An attacker can trigger this issue by sending multiple...
PHP 8.3.x < 8.3.19 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...
CLSA-2025-1740477793 python3.11: Fix of CVE-2024-6232
CVE-2024-6232: fix excessive backtracking in tarfile.TarFile header parsing to address ReDoS vulnerability...
CVE-2023-27539
There is a denial of service vulnerability in the header parsing component of Rack...
rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing
A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...
USN-6689-1 ruby-rack vulnerabilities
It was discovered that Rack incorrectly parse some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539, CVE-2024-26141, CVE-2024-26146...
Node.js 环境问题漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from HTTP requests smuggling due to incorrect parsing of header fields...
DEBIAN-CVE-2021-37149
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0...
Authentication flaw
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...
Webroot BrightCloud SDK Buffer Overflow Vulnerability
Webroot BrightCloud SDK is a set of SDKs Software Development Kits from Webroot, Inc. for detecting website security. A buffer overflow vulnerability exists in the HTTP header parsing function in the Webroot BrightCloud SDK, which stems from the 'bchttpreadheader' function failing to correctly...