135 matches found
RLSA-2026:22140 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020); httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data (CVE-2026-34059); httpd:...
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
CVE-2026-48840
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...
PT-2026-44997
Name of the Vulnerable Software and Affected Versions: Exim versions 4.88 through 4.99.3. Description: In certain proxy configurations, the PROXY-protocol parser mishandles short payloads, resulting in a pre-authentication information disclosure. This issue allows the leakage of uninitialized stack...
Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data (CVE-2026-34059); httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination...
CLSA-2026-1779129626 httpd: Fix of CVE-2026-28780
CVE-2026-28780: mod_proxy_ajp: heap-based buffer overflow in ajp_msg_check_header — message size check did not subtract AJP_HEADER_LEN, letting a crafted AJP reply write 4 bytes past the end of the heap buffer...
curl: CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection
Summary: CURLOPT_HAPROXY_CLIENT_IP (introduced in curl 8.2.0) accepts arbitrary strings without any validation or sanitization before injecting them into the HAProxy PROXY protocol v1 header. An attacker who can influence the value passed to this option, e.g., through a web application that proxies...
BIT-MONGODB-2026-1848 Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
CVE-2026-1848
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
UBUNTU-CVE-2026-1848
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
CVE-2026-1848
CVE-2026-1848 affects a MongoDB component where connections received via the proxy port are not counted toward the total accepted connections while the proxy protocol header is pending. This can allow the server to reach resource limits, potentially causing crashes when the total connections exce...
CVE-2026-1848 Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
PT-2026-7421
Name of the Vulnerable Software and Affected Versions: Connections (affected versions not specified). Description: The system may not accurately count connections received through the proxy port, specifically when a proxy protocol header is present. This can lead to the server exceeding its connection...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
EUVD-2020-23142
Malware in sbrugna...
EUVD-2021-1065
Malware in sbrugna...
EUVD-2025-18750
Malicious code in bioql PyPI...
EUVD-2024-20840
Malicious code in bioql PyPI...