Astra Linux - vulnerability in git
In connect.c, the git_connect_git function in Git before version 2.30.1 allows a repository path to contain a newline character. This may lead to unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
Code issue vulnerability in multiple Siemens products
The Siemens RUGGEDCOM RM1224 is a wireless router produced by the German company Siemens. It provides data communication for roaming locations, with the capability to connect via 4G LTE and automatically fall back to 3G UMTS or EVDO cellular networks. Several Siemens products have code...
Unity Linux 20.1060e / 20.1070e Security Update: git (UTSA-2026-017428)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017428 advisory. git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as...
CVE-2026-25819
CVE-2026-25819 affects HMS Networks Ewon Flexy and Cosy+ devices. Vulnerable versions include Flexy firmware before 15.0s4, Cosy+ firmware 22.xx before 22.1s6, and Cosy+ firmware 23.xx before 23.0s3. The issue allows unauthenticated attackers with GUI access to trigger a specially crafted HTTP re...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There are security vulnerabilities associated with the Dormakaba Access Manager. These vulnerabilities stem from the default configuration, where SOAP requests are sent to the Acce...
CVE-2025-64388
Denial of service of the web server through specific requests to this protocol...
CVE-2025-64388
The CVE-2025-64388 entry concerns Circutor TCPRS1plus, where a denial-of-service against the device’s web server can be triggered by specific requests to the protocol. The reported impact focuses on availability (high) with the CVSS indicating network access, low attack complexity, and no privile...
CVE-2025-64388 Denial of service through specific packets
Denial of service of the web server through specific requests to this protocol...
USN-7814-1: LibHTP vulnerabilities
It was discovered that LibHTP did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-23837 It was discovered that LibH...
EUVD-2025-27460
Malicious code in bioql PyPI...
EUVD-2021-27510
Malicious code in bioql PyPI...
The vulnerability of the Device Admin App operating system ctrlX OS allows a perpetrator to select user account names.
The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
Fortinet FortiWLM security vulnerability
Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute unauthorized code or commands via...
CLSA-2023-1677096675 Fix of 5 CVEs
SECURITY UPDATE: out-of-bounds write caused by integer overflow - debian/patches/CVE-2022-41903.patch: use 'size_t' instead of 'int' to track the string lengths and so allow 2GB input sizes. - CVE-2022-41903 - t-mark-submodule-clean-test-as-known-failure.patch: mark submodule clean test as known...
SUSE CVE-2021-40330
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
EulerOS Virtualization 3.0.2.6 : git (EulerOS-SA-2023-1078)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in...
Rockwell Automation controllers input validation error vulnerability
Rockwell Automation controllers are a series of controllers from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation controllers, which stems from the controllers' mishandling of incorrectly formatted CIP requests, and can be exploited by an attacker to cause a maj...
EulerOS 2.0 SP10 : git (EulerOS-SA-2022-1204)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected...
The vulnerabilities of the Transfer-Encoding and Content-Length headers in the Netty network programming framework, related to deficiencies in HTTP request interpretation, allow attackers to compromise data integrity.
The vulnerability of the Transfer-Encoding and Content-Length headers in the Netty network programming framework is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows an attacker to compromise the integrity of data...