CVE-2025-32911 Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

CVE-2025-32911

A concrete vulnerability exists in libsoup: a use-after-free in soup_message_headers_get_content_disposition() can lead to memory corruption in the Libsoup server/client when handling Content-Disposition parameters. Connected advisories confirm multiple related flaws in libsoup (including this CV...

CVE-2025-32914

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

CVE-2025-32914

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

CVE-2025-32914 Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

CVE-2025-32914 Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

CVE-2025-32914

CVE-2025-32914 affects libsoup and is described across multiple advisories (e.g., Rocky Linux, AlmaLinux/ALAS, Amazon Linux). The flaw is an out-of-bounds read in soup_multipart_new_from_message() in libsoup (soup-multipart.c), which can cause a crash or Denial of Service when processing certain ...

Debian dla-4101 : libvarnishapi-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4101 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4101-1 [email protected] https://www.debian.org/lts/security/...

golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libsoup packages provide an HTTP client and server library for GNOME...

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libsoup packages provide an HTTP client and server library for GNOME...

RLSA-2025:0791 Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVE-2025-27152

CVE-2025-27152 affects axios, a promise-based HTTP client for browser and Node.js. The issue occurs when passing absolute URLs (not protocol-relative) to axios; even if baseURL is set, requests may be sent to the absolute URL, enabling SSRF and potential credential leakage for both server-side an...

Linux Distros Unpatched Vulnerability : CVE-2025-22150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a...

Linux Distros Unpatched Vulnerability : CVE-2024-50342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When usi...

Linux Distros Unpatched Vulnerability : CVE-2024-30260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy- Authorization headers for fetch, but did not clear them...

Linux Distros Unpatched Vulnerability : CVE-2024-24791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect: 100-continue header with a non-informational 200 or higher...

OESA-2025-1224 golang security update

. Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect: 100-continue header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-22150)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22150 advisory. - Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and...

Azure Linux 3.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...