88 matches found
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
Impact Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...
GHSA-2VQW-3MP8-CGMX Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
Impact Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...
PT-2026-47626
Impact Puma is vulnerable to source IP spoofing when set remote address proxy protocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection,...
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
Impact Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-excon (UTSA-2026-016618)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016618 advisory. In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave da...
BIT-LIBPYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
EUVD-2026-22311
The Python remote debugging feature could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be...
CVE-2026-5713
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
CVE-2026-5713
The CVE-2026-5713 entry covers a vulnerability in Python related to the profiling.sampling module (Python 3.15+) and asyncio introspection capabilities (3.14+). The issue enables out-of-bounds read/write in a privileged process when that process is connected to a malicious or infected Python proc...
CVE-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
PSF-2026-19
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
CVE-2026-28497
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-25949
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest STARTTLS prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read...
CVE-2019-16779
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22432
CVE-2025-22432 affects the Android Framework (CallRedirectionProcessor.java). The root cause is improper input validation in notifyTimeout, which may create a persistent connection and enable local escalation of privilege, triggering background activity launches with User privileges and no user i...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
EUVD-2020-0445
Malware in sbrugna...
EUVD-2019-0799
Malware in sbrugna...