9 matches found
CVE-2026-54388
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...
SUSE CVE-2025-64763
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...
CVE-2024-34350
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...
HTTP Request Smuggling
Next is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent interpretation of a HTTP request, resulting in treating it as both a single request and two separate requests, leading to desynchronized responses. This allows attackers to craft HTTP request to manipulate or...
GHSA-77R5-GW3J-2MPF Next.js Vulnerable to HTTP Request Smuggling
Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...
CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...
CVE-2024-34350
CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...
NetBSD <= 5.0.1 'IRET' General Protection Fault Handling Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to cause the kernel stack to become desynchronized. This may allow the attacker to gain elevated privileges...
NetBSD 5.0.1 - IRET General Protection Fault Handling Privilege Escalation
NetBSD 5.0.1 - IRET General Protection Fault Handling Privilege Escalation / source: https://www.securityfocus.com/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to cause the kernel stack to become desynchronized. This may all...