Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

9.1CVSS6.6AI score0.00724EPSS
Exploits0References4
OSV
OSV
added 2026/01/30 4:44 p.m.16 views

CLEANSTART-2026-SB25660 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the falcosidekick-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00724EPSS
Exploits0References37
OSV
OSV
added 2026/01/30 3:31 p.m.2 views

CLEANSTART-2026-PG91940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the harbor-registry package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00724EPSS
Exploits2References33
OSV
OSV
added 2026/01/30 3:13 p.m.10 views

CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00804EPSS
Exploits0References17
OSV
OSV
added 2026/01/30 3:12 p.m.11 views

CLEANSTART-2026-CR41732 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00804EPSS
Exploits0References17
OSV
OSV
added 2025/11/13 10:36 p.m.4 views

GHSA-6JQF-MV7M-3Q7P File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...

9.1CVSS6.9AI score0.00724EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/13 10:36 p.m.28 views

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...

9.1CVSS7AI score0.00724EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/19 1:13 p.m.8 views

OESA-2025-2308 golang security update

. Security Fixes: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.CVE-2025-22871...

9.1CVSS6.9AI score0.00724EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 1:13 p.m.5 views

OESA-2025-2307 golang security update

. Security Fixes: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.CVE-2025-22871...

9.1CVSS6.9AI score0.00724EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/09/10 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-2126)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS6.7AI score0.00724EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/29 4:12 p.m.34 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-4673 DESCRIPTION: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVSS Source: CISA A...

9.1CVSS8.1AI score0.73495EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server ...

9.1CVSS6.7AI score0.00724EPSS
Exploits0References4
Amazon
Amazon
added 2025/06/23 12:0 a.m.9 views

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.10 views

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.5AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/10 12:0 a.m.2 views

Important: cni-plugins

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 The net/http package accepted data in the chunked transfer encoding...

9.8CVSS6.7AI score0.01952EPSS
Exploits0
Amazon
Amazon
added 2025/06/02 12:0 a.m.13 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.6AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.5 views

Important: oci-add-hooks

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.7 views

Important: oci-add-hooks

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
OSV
OSV
added 2025/04/10 7:19 a.m.11 views

BIT-GOLANG-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS7.8AI score0.00724EPSS
Exploits0References7
OSV
OSV
added 2025/04/08 9:31 p.m.5 views

GHSA-G9PC-8G42-G6VQ RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency

The net/http package dependency used by RoadRunner improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.9AI score0.00724EPSS
Exploits0References11
Rows per page
Query Builder