15 matches found
RockyLinux 8 : php:7.4 (RLSA-2026:2470)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2470 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...
RHEL 8 : libsoup (RHSA-2026:0867)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0867 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...
MiracleLinux 9 : php:8.1 (AXSA:2025-9901:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9901:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...
MiracleLinux 9 : php:8.3 (AXSA:2025-10557:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10557:01 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...
CVE-2025-6442
CVE-2025-6442 affects Ruby WEBrick: the vulnerability is a flaw in read_headers that causes inconsistent termination parsing of HTTP headers, enabling HTTP request smuggling under certain proxy conditions. Affected are Ruby WEBrick and Rubygem-WeBrick components across several platforms (e.g., Ru...
CVE-2023-32762
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...
libsoup code issue vulnerability
libsoup is a GNOME HTTP client/server library from the GNOME Project. A code issue vulnerability exists in libsoup, which stems from the fact that handling certain constructs of the WWW-Authenticate header may cause a client application to crash, potentially leading to a denial of service attack...
CBL Mariner 2.0 Security Update: php (CVE-2025-1217)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1217 advisory. - In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when...
OESA-2024-2068 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
USN-6670-1 php-guzzlehttp-psr7 vulnerabilities
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...
PT-2023-8904
Name of the Vulnerable Software and Affected Versions: Rack versions 2.0.0 through 2.2.6.3; Rack versions 3.0.0 through 3.0.6.0. Description: The issue is related to the header parsing component of Rack, which can be exploited to cause a denial of service. This can happen when carefully crafted input...
SUSE CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
GHSA-P979-4MFW-53VG HTTP Request Smuggling in Netty
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...
Amavis 0.1.6 - Header Parsing Mail Relaying
source: https://www.securityfocus.com/bid/7306/info It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. telnet somemx.domain.tld 25 220...
FreeBSD-SA-03:07.sendmail
FreeBSD-SA-03:07.sendmail Security Advisory The FreeBSD Project Topic: a second sendmail header parsing buffer overflow Category: contrib Module: contribsendmail Announced:...