10978 matches found
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447...
SUSE-SU-2026:1201-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447. -...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
DEBIAN-CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
UBUNTU-CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive Transfer-Encoding check in is_chunked_transfer() (strcmp against "chunked"). RFC 7230 requires case-insensitive transfer-coding names. An unauthenticated attacker sending Transfer-Encoding: Chunked ca...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
Linux Distros Unpatched Vulnerability : CVE-2026-31789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A...
dbt 操作系统命令注入漏洞
Dbt is a data encoding tool open source by Dbt Labs. Dbt has a vulnerability related to operating system command injection. This vulnerability arises from directly inserting text controlled by the attacker into shell syntax without escaping it, which may lead to the execution of arbitrary shell...
Linux Distros Unpatched Vulnerability : CVE-2026-33033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by...
PT-2026-30894
Name of the Vulnerable Software and Affected Versions Emissary versions prior to 8.39.0 Description Emissary is a P2P based data-driven workflow engine. Prior to version 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that...
PT-2026-30850
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description The MultiPartParser component is susceptible to performance degradation when processing multipart uploads containing Content-Transfer-Encoding: base64 wi...
PT-2026-30811
Name of the Vulnerable Software and Affected Versions Tinyproxy versions 1.0 through 1.11.3 Description An issue exists in the way the Transfer-Encoding header is parsed in src/reqs.c. The is chunked transfer function uses strcmp to compare the header value against "chunked", failing to account f...
Emissary 路径遍历漏洞
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a path traversal vulnerability. This vulnerability stemmed from the use of a blacklist method to validate configuration names in the configuration...
RHEL 8 : freerdp (RHSA-2026:6764)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6764 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...