MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.19-1.el7, rh-nodejs14-nodejs-14.20.0-2.el7 (AXSA:2022-3813:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3813:02 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

HTTP Request Smuggling

Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls...

CVE-2020-7658

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...

EUVD-2025-32887

The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service DoS. The...

SwiftASN1 安全漏洞

SwiftASN1 is an open source ASN.1 implementation of Swift by Apple. A security vulnerability exists in SwiftASN1 versions prior to 1.3.0 that stems from incorrect assumptions about the form of an object when parsing certain BER/DER constructs, which triggers a precondition failure when these...

OESA-2024-2259 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request...

SUSE CVE-2014-9745

The parseencoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service infinite loop via a "broken number-with-base" in a Postscript stream, as demonstrated by 8garbage...

SUSE CVE-2019-16786

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with t...

ALSA-2022:6448 Moderate: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...

Pixar OpenUSD Buffer Error Vulnerability

Pixar OpenUSD is a software from the American company Pixar Pixar that generates 3D computer scenes. The software is widely used in the animation and game industries for designing 3D scenes. A security vulnerability exists in Pixar OpenUSD 20.05 that stems from an exploitable flaw in the way it...

HTTP Request Smuggling

Overview agoo is a fast HTTP server supporting rack. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...

meinheld environment error vulnerability

meinheld is a WSGI Web Server Gateway Interface asynchronous Web server from the Japanese software developer Yutaka Matsubara. An environment error vulnerability exists in meinheld because the program does not properly parse the Content-Length and Transfer Encoding headers. An attacker could...

HTTP Request Smuggling

Overview netius is a Python network library that can be used for the rapid creation of asynchronous non-blocking servers and clients. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect...

PT-2019-6225 · Waitress +3 · Waitress +3

Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 1.4.0 Description: The issue is related to the incorrect parsing of the Transfer-Encoding header in Waitress. According to the HTTP standard, Transfer-Encoding should be a comma-separated list with the inner-most...