670 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-17420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a...
Linux Distros Unpatched Vulnerability : CVE-2018-6794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends...
Linux Distros Unpatched Vulnerability : CVE-2015-5168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different...
Exploit for CVE-2025-8671
PoC-CVE-2025-8671-MadeYouReset-HTTP-2 PoC para validar vulnera...
Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...
Linux Distros Unpatched Vulnerability : CVE-2023-47118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issu...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344. CVE-2024-12224...
Linux Distros Unpatched Vulnerability : CVE-2025-49630
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients...
F5 Networks BIG-IP : HTTP/2 vulnerability (K000152001)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000152001 advisory. An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2...
F5 BIG-IP APM 安全漏洞
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM that stems from an HTTP/2 implementation flaw that could lead to a denial-of-service attack...
The vulnerability of the HTTPS protocol implementation in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the HTTPS protocol’s implementation in macOS systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
Apache Tomcat 10.1.0.M1 < 10.1.44
The version of Tomcat installed on the remote host is prior to 10.1.44. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.44security-10 advisory. - Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically...
Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
Cisco Unified Intelligence Center is the United States Cisco Cisco company's set of Web-based reporting platform. The platform provides reports related to business data and call center data presentation capabilities. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...
UBUNTU-CVE-2025-53537
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set suricata.yaml...
CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
Malicious code in aog-checker (npm)
Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...
Brother Industries Multiple driver installers for Windows 安全漏洞
Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to access the /etc/mntinfo.csv path vi...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
CVE-2025-6146
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...