CVE-2026-0078

In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48611

In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48615

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Fedora 42 : varnish (2025-525d870026)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-525d870026 advisory. Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client-side desync vulnerability can be triggered in Varnish Cache. This vulnerabilit...

OESA-2025-1556 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

www/varnish7 -- Request Smuggling Attack

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...

DEBIAN-CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

Dell PowerVault ME5 Client-Side Desync (DSA-2023-018)

The version of Dell PowerVault ME5 installed on the remote host is prior to ME5.1.1.0.5. It is, therefore, affected by a vulnerability as referenced in the DSA-2023-018 advisory. - Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticat...

CVE-2021-46825

Affected products: Symantec Advanced Secure Gateway (ASG) and ProxySG. Vulnerability: HTTP desync/HTTP desmuggling where a remote, unauthenticated attacker can leverage crafted HTTP requests to cause the proxy to forward a web server’s responses to unintended clients when the attacker and other c...

PT-2022-3498 · Symantec · Proxysg +1

Name of the Vulnerable Software and Affected Versions: Symantec Advanced Secure Gateway ASG and ProxySG affected versions not specified Description: The issue is related to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy wit...

CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...