20 matches found
UBUNTU-CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
CVE-2026-42545
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...
CVE-2026-23242
CVE-2026-23242 affects the Linux kernel RDMA/siw header processing: siw_tcp_rx_data may dereference a NULL qp->rx_fpdu if siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(). The fix adds a NULL check for rx_fpdu before accessing more_ddp_segs, preventing the NULL pointer dereference. P...
Open5GS Security Vulnerability
Open5GS is an open source C implementation of 5G Core and EPC, the core network of the LTE/NR network. A security vulnerability exists in Open5GS version 2.7.5 and earlier, which originates from a vulnerability in the function decodeipv6header/ogspfcppdr in the file...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have an information disclosure vulnerability that is caused by an error message...
PT-2025-44006
Error Messages Wrapped In HTTP Header. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
AZL-66866 CVE-2025-38712 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON in hfsplus_create_attributes_file. When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super assumes that the attributes file is not yet created...
Linux Distros Unpatched Vulnerability : CVE-2023-32732
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin...
SUSE CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
CVE-2024-56656
CVE-2024-56656 affects the bnxt_en driver in the Linux kernel and is caused by an aggregation ID mask that was not updated for P7 (5760X) chips. The completion structures’ aggregation ID field was redefined from 16 bits to 12 bits on P7, freeing 4 bits for metadata (e.g., VLAN ID). As a result, t...
OESA-2024-2064 grpc security update
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
CVE-2023-0833
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...
Streams: component version with information disclosure flaw
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...
PT-2025-18579 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability has been resolved in the Linux kernel related to the tipc_nl_compat_name_table_dump_header function. The issue was caused by a missing type cast of sizeof.. to int, whi...
Dotnet Code Issue Vulnerability
Dotnet is an open source HTTP web framework. A code issue vulnerability exists in Dotnet that stems from an error in the HTTP header of the product's ASP.NET Core Kestrel component. An attacker could cause a denial of service via this vulnerability...
DEBIAN-CVE-2020-9308
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header such as a header size of zero, leading to a SIGSEGV or possibly unspecified other impact...
Citrix Web Application Firewall : 400 Bad Request
Getting the error "The request failed with HTTP status 400:." when opening an application hosted using a Load balancing Virtual Server when Application Firewall Profile is bound. Sample entry seen in /var/log/ns.log : Nov 22 09:49:45 172.25.224.219 11/22/2018:09:49:45 GMT qahvpxlb09 0-PPE-1 :...
GHSA-GFX6-PH4Q-Q54Q Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
Akka HTTP versions = 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
Mozilla: Errors in the handling of CORS preflight request headers (MFSA 2015-111)
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control- response header...
XITAMI invalid request endless loop
If HTTP header doesn't contain ':' server goes into endless loop...