736 matches found
SafeDep Security Vulnerability
SafeDep is an open source package from SafeDep that protects against malicious open source packages. A security vulnerability exists in SafeDep version 1.12.4 and earlier, which stems from a lack of HTTP Host and Origin header validation and could lead to a DNS rebinding attack...
Allocation Of Resources Without Limits
github.com/ulikunitz/xz is vulnerable to Allocation Of Resources Without Limits. The vulnerability is a denial of service caused by improper header validation that allows arbitrary data to be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...
CLSA-2025-1758289909 Fix CVE(s): CVE-2025-1735, CVE-2025-1736
SECURITY UPDATE: Inadequate validation in pgsql and pdopgsql functions - debian/patches/CVE-2025-1735.patch: add error checks for escape function in pgsql and pdopgsql extensions to prevent potential security issues - CVE-2025-1735 SECURITY UPDATE: Insufficient HTTP header validation -...
Request Smuggling
h2 is vulnerable to request smuggling. The vulnerability is due to improper validation of header names/values when downgrading HTTP/2 requests to HTTP/1.1, which allows an attacker to inject CRLF characters, manipulate request boundaries, and bypass security controls...
HTTP Request Smuggling (HRS)
mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation that allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly validating the MAC header, which could lead to a null pointer dereference...
CVE-2025-59155
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2023-53333
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet says: nf_conntrack_dccp_packet() has a unique: dh = skb_header_pointer(skb, dataoff, sizeof(*dh), &_dh); And nothing more is 'pulled' from the...
HackMD MCP Server Code Issue Vulnerability
HackMD MCP Server is a Model Context Protocol server from the individual developer yuna0x0. A code issue vulnerability exists in hackmd-mcp version 1.4.0 up to and including version 1.5.0, which stems from not validating the Hackmd-Api-Url header or base64-encoded JSON query parameter in HTTP transport mod...
AZL-67211 CVE-2025-39787 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...
UBUNTU-CVE-2025-39787
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
Linux Distros Unpatched Vulnerability : CVE-2023-2848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. CVE-2023-2848 Not...
AZL-66947 CVE-2025-39718 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put. Unfortunately, virtio_vsock_skb_rx_put uses the length...
CLSA-2025-1757016160 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861
SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...
CLSA-2025-1757014652 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861
SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...
drm/amdgpu: Add basic validation for RAS header
...
[SECURITY] [DLA 4290-1] python-h2 security update
Debian LTS Advisory DLA-4290-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 02, 2025 https://wiki.debian.org/LTS Package : python-h2 Version : 4.0.0-3+deb11u1 CVE ID : CVE-2025-57804 Debian Bug : 1112348 A vulnerability has been discovered in python-h2...
Linux Distros Unpatched Vulnerability : CVE-2020-20740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFResurrect before 0.20 lacks header validation checks, which causes a heap-buffer-overflow in pdf_get_version. CVE-2020-20740 Note that Nessus relies on the presence o...