
13 matches found

OSV
added 2026/05/05 3:30 p.m. · 4 views

USN-8232-1 python-django vulnerabilities

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. CVE-2026-35192 Kyle Agronick and Jacob Walls discovered that Django...

CVSS 6.5 · AI score 5.8 · EPSS 0.00413
Exploits 0 · References 4
Tenable Nessus
added 2026/01/16 12:00 a.m. · 1 view

openSUSE 15 Security Update : python310 (SUSE-SU-2026:0130-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0130-1 advisory. - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on _clear_id_cache can lead to availabili...

CVSS 7.5 · AI score 7.3 · EPSS 0.01468
Exploits 0 · References 10
OSV
added 2025/12/31 3:05 p.m. · 3 views

SUSE-SU-2025:4538-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module deni...

CVSS 7.5 · AI score 6.7 · EPSS 0.01468
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-0719

Malware in sbrugna...

CVSS 5.9 · AI score 6.1 · EPSS 0.18891
Exploits 0 · References 201
RedhatCVE
added 2025/02/19 3:52 a.m. · 8 views

CVE-2024-50608

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

CVSS 7.5 · AI score 7.6 · EPSS 0.01037
Exploits 2 · References 6
CVE
added 2025/02/18 12:00 a.m. · 76 views

CVE-2024-50609

Fluent Bit 3.1.9 is affected by CVE-2024-50609 via the OpenTelemetry input plugin. A packet with Content-Length: 0 can trigger a NULL pointer dereference in opentelemetry_prot.c (process_payload_traces_proto_ng), causing a remote denial of service when the endpoint is reachable. The issue is spec...

CVSS 7.5 · AI score 7.2 · EPSS 0.01037
Exploits 2 · References 3 · Affected Software 1
CNVD
added 2024/11/08 12:00 a.m. · 7 views

Tenda i22 Code Issue Vulnerability

The Tenda i22 is a wireless access point from China's Tenda. A code issue vulnerability exists in the Tenda i22 that stems from improper handling of the Content-Length parameter, resulting in a null pointer dereference. An attacker can exploit this vulnerability to upload arbitrary files...

CVSS 7.1 · AI score 7 · EPSS 0.00831
Exploits 1 · References 1
Positive Technologies
added 2023/10/06 12:00 a.m. · 13 views

PT-2023-8839 · Aiohttp +5

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.8.6 Description: The HTTP parser in aiohttp has numerous problems with header parsing, which could lead to request smuggling. This issue is related to the handling of Content-Length values, improper handling of NUL...

CVSS 7.8 · AI score 6.2 · EPSS 0.76875
Exploits 21 · References 89
OSV
added 2022/11/23 5:15 p.m. · 2 views

CVE-2022-38114

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS...

CVSS 6.1 · AI score 5.8 · EPSS 0.00511
Exploits 0 · References 2
CNNVD
added 2022/11/23 12:00 a.m. · 4 views

SolarWinds Security Event Manager Environment Issue Vulnerability

SolarWinds Security Event Manager (SEM) is a log management tool from the US company SolarWinds Inc., used for forensics and troubleshooting. A cross-site scripting vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4. The vulnerability stems from...

CVSS 6.1 · AI score 6.1 · EPSS 0.00511
Exploits 0 · References 3
OSV
added 2020/03/30 12:00 p.m. · 1 view

USN-4308-2 twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

CVSS 9.8 · AI score 6.9 · EPSS 0.04083
Exploits 3 · References 5
UbuntuCve
added 2018/06/26 5:29 p.m. · 38 views

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two Content-Length headers, Jetty ignored the second. When presented with a Content-Length and a chunked encoding header, the Content-Length was...

CVSS 9.8 · AI score 6.8 · EPSS 0.20985
Exploits 0 · References 2
Tenable Nessus
added 2005/03/17 12:00 a.m. · 142 views

Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS

According to its banner, the remote host is running a version of Jetty that is older than 4.2.19. This version is vulnerable to an unspecified denial of service. Plugin by Sarju Bhagat (GPLv2). Changes by Tenable: added CVE xrefs; revised plugin title, changed family (6/17/09).

CVSS 5 · AI score 5.5 · EPSS 0.01801
Exploits 0 · References 2
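The common thread through the Fluent Bit, aiohttp, CVE-2022-38114 and both Jetty entries above is how a server decides where an HTTP/1.1 request body ends: an ignored duplicate Content-Length, a Content-Length accepted next to Transfer-Encoding, an overflowed or non-numeric length, or a Content-Length: 0 that leaves a body pointer unset. The following is an added example, not code from Jetty, aiohttp, Fluent Bit or any other project listed here: a strict framing routine that rejects every ambiguous case up front and treats a zero-length body as an empty body rather than a missing one. The 8 MiB cap, the function names and the sample requests are assumptions made for the example.

```python
"""Strict HTTP/1.1 request framing (added example; not any listed project's code).

Rejects the ambiguities that the listed advisories describe: duplicate or
conflicting Content-Length fields, Content-Length combined with
Transfer-Encoding, non-numeric or oversized lengths, whitespace before the
colon, and obsolete line folding. A declared length of 0 is valid and yields
an empty body instead of an unset one.
"""
import re

MAX_CONTENT_LENGTH = 8 * 1024 * 1024   # policy cap; an assumption for this example
_DIGITS = re.compile(rb"[0-9]+\Z")      # RFC 9110: Content-Length = 1*DIGIT


class FramingError(ValueError):
    """The request cannot be framed unambiguously: answer 400 and close the connection."""


def parse_headers(block: bytes) -> list:
    """Split the header block into (lower-cased name, value) pairs, keeping duplicates
    so the framing logic can see all of them."""
    headers = []
    for line in block.split(b"\r\n"):
        if not line:
            continue
        if line[:1] in (b" ", b"\t"):
            # Obsolete line folding is a classic desync vector; refuse it outright.
            raise FramingError("obs-fold not accepted")
        name, sep, value = line.partition(b":")
        if not sep or not name or name.strip() != name:
            # Covers "Content-Length : 5", which some parsers silently accept.
            raise FramingError("malformed header line: %r" % line)
        headers.append((name.lower(), value.strip(b" \t")))
    return headers


def declared_length(headers: list):
    """Return the body length from the headers, or None when Transfer-Encoding:
    chunked governs framing. Raises FramingError for anything ambiguous."""
    te = [v for n, v in headers if n == b"transfer-encoding"]
    cl = [v for n, v in headers if n == b"content-length"]
    if te and cl:
        # RFC 9112 section 6.3: a front end and back end may disagree on which wins.
        raise FramingError("Content-Length together with Transfer-Encoding")
    if te:
        if len(te) != 1 or te[0].lower() != b"chunked":
            raise FramingError("unsupported Transfer-Encoding")
        return None
    if not cl:
        return 0
    # A field may carry a comma-separated list; flatten it and require all values equal.
    values = [v.strip(b" \t") for field in cl for v in field.split(b",")]
    if any(not _DIGITS.match(v) for v in values):
        raise FramingError("non-numeric Content-Length")   # rejects "", "-1", "+5", "0x10"
    if len(set(values)) != 1:
        raise FramingError("conflicting Content-Length values")
    n = int(values[0])   # Python ints cannot overflow; enforce the limit by policy instead
    if n > MAX_CONTENT_LENGTH:
        raise FramingError("Content-Length exceeds limit")
    return n


def frame_request(raw: bytes):
    """Return (request_line, headers, body). body is exactly Content-Length bytes
    (b"" for Content-Length: 0) or None when the caller must run a chunked decoder."""
    head, sep, payload = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete header block")
    request_line, _, header_block = head.partition(b"\r\n")
    headers = parse_headers(header_block)
    length = declared_length(headers)
    if length is None:
        return request_line, headers, None
    if len(payload) < length:
        raise FramingError("body shorter than Content-Length")
    return request_line, headers, payload[:length]   # length 0 -> b"", never a null body


def is_rejected(raw: bytes) -> bool:
    """True when frame_request refuses the message (used for the checks below)."""
    try:
        frame_request(raw)
    except FramingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    ok = b"POST /ingest HTTP/1.1\r\nHost: h\r\nContent-Length: 5\r\n\r\nhelloTRAILING"
    print(frame_request(ok)[2])                                              # b'hello'
    print(frame_request(b"POST / HTTP/1.1\r\nContent-Length: 0\r\n\r\n")[2])  # b''
    for bad in (
        b"POST / HTTP/1.1\r\nContent-Length: 3\r\nContent-Length: 4\r\n\r\nabcd",
        b"POST / HTTP/1.1\r\nContent-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\nabc",
        b"POST / HTTP/1.1\r\nContent-Length : 3\r\n\r\nabc",
        b"POST / HTTP/1.1\r\nContent-Length: 99999999999999999999\r\n\r\n",
    ):
        print(is_rejected(bad))                                              # True
```

Closing the connection after a FramingError matters as much as the 400: a parser that rejects the request but keeps reading from the same socket can still be desynchronised by the leftover bytes.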