26 matches found

UbuntuCve
added 2026/04/23 10:16 p.m. · 3 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

CVSS 5.3 · AI score 5.8 · EPSS 0.00052
Exploits: 1 · References: 1
RedhatCVE
added 2026/04/07 11:01 p.m. · 2 views

CVE-2026-35213

@hapi/content provides HTTP Content-* header parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

CVSS 8.7 · AI score 5.9 · EPSS 0.00415
Exploits: 0 · References: 1
Tenable Nessus
added 2026/03/05 12:00 a.m. · 8 views

Alibaba Cloud Linux 3 : 0043: php:7.4 (ALINUX3-SA-2026:0043)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0043 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-11233: In PHP versions 8.1.* befor...

CVSS 9.8 · AI score 6.2 · EPSS 0.01153
Exploits: 10 · References: 14
OSV
added 2026/01/12 10:30 a.m. · 3 views

SUSE-SU-2026:20071-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903). - CVE-2025-67725: quadratic complexity of string concatenatio...

CVSS 7.5 · AI score 7 · EPSS 0.00212
Exploits: 0 · References: 7
Ubuntu
added 2025/09/29 2:08 p.m. · 2 views

USN-7783-1: LibTIFF vulnerabilities

Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF images. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-8961) Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly...

CVSS 8.8 · AI score 6.1 · EPSS 0.00055
Exploits: 2
OSV
added 2025/06/02 9:04 a.m. · 2 views

SUSE-SU-2025:01794-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message leading to denial of service (bsc#1243332) - CVE-2025-4969: Fixed off-by-one out-of-bounds read that may lead to an infoleak (bsc#1243423) - CVE-2025-32906: Fixed out of bounds reads in...

CVSS 9 · AI score 7.1 · EPSS 0.00986
Exploits: 0 · References: 17
SUSE Linux
added 2025/05/29 9:18 a.m. · 1 view

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750) CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...

CVSS 8.8 · AI score 8 · EPSS 0.00472
Exploits: 1 · References: 64
Positive Technologies
added 2024/05/01 12:00 a.m. · 3 views

PT-2024-3314 · Tinyproxy +2

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions 1.10.0 through 1.11.1. Description: A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy. This vulnerability can be triggered by a specially crafted HTTP header, leading to memory...

CVSS 10 · AI score 6.5 · EPSS 0.78967
Exploits: 3 · References: 102
OSV
added 2024/04/08 9:28 a.m. · 5 views

SUSE-SU-2024:1131-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239). - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing (bsc#1220242). - CVE-2024-26146: Fixed a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00775
Exploits: 2 · References: 7
OSV
added 2024/03/20 9:27 a.m. · 5 views

SUSE-SU-2024:0946-1 Security update for rubygem-rack-1_4

This update for rubygem-rack-1_4 fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239) - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing (bsc#1220242) - CVE-2024-26146: Fixed a denial-of...

CVSS 7.5 · AI score 7.6 · EPSS 0.00775
Exploits: 2 · References: 7
OpenVAS
added 2024/03/13 12:00 a.m. · 22 views

Ubuntu: Security Advisory (USN-6689-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...

CVSS 7.5 · AI score 7.1 · EPSS 0.00775
Exploits: 1 · References: 2
OSV
added 2024/03/05 12:47 p.m. · 9 views

SUSE-SU-2024:0765-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239). - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing (bsc#1220242). - CVE-2024-26146: Fixed a...

CVSS 7.5 · AI score 7.5 · EPSS 0.00775
Exploits: 2 · References: 7
NVD
added 2024/02/01 4:17 p.m. · 9 views

CVE-2024-24753

Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multi-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...

CVSS 6.5 · AI score 5.5 · EPSS 0.00191
Exploits: 1 · References: 2
Tenable Nessus
added 2023/11/28 12:00 a.m. · 411 views

Apache Tomcat 9.0.0.M1 < 9.0.83

The version of Tomcat installed on the remote host is prior to 9.0.83. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.83_security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-...

CVSS 7.5 · AI score 6.9 · EPSS 0.53735
Exploits: 0 · References: 3
Prion
added 2021/02/08 8:15 p.m. · 17 views

Code injection

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn) while parsing the header of the httplib2 client accessing said...

CVSS 5 · AI score 7.3 · EPSS 0.01985
Exploits: 1 · References: 4 · Affected Software: 1
RedHat Linux
added 2020/09/08 10:06 a.m. · 2 views

php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform an out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...

CVSS 9.1 · AI score 7.4 · EPSS 0.01411
Exploits: 1 · References: 4
RedHat Linux
added 2020/03/04 5:18 p.m. · 0 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 · AI score 7.4 · EPSS 0.32252
Exploits: 0 · References: 5
Tenable Nessus
added 2018/03/27 12:00 a.m. · 71 views

FreeBSD : apache -- multiple vulnerabilities (f38187e7-2f6e-11e8-8f07-b499baebfeaf)

The Apache httpd reports: Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled (CVE-2017-15710). mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead (CVE-2018-1283). mod_cache_socache: Fix...

CVSS 9.8 · AI score 6.4 · EPSS 0.93618
Exploits: 0 · References: 9
securityvulns
added 2014/03/13 12:00 a.m. · 43 views

mutt buffer overflow

Buffer overflow on headers parsing...

CVSS 5 · AI score 4.1 · EPSS 0.01816
Exploits: 1 · References: 1 · Affected Software: 1
Tenable Nessus
added 2012/10/31 12:00 a.m. · 36 views

Citrix Access Gateway Plug-in for Windows ActiveX Control StartEPA() Method HTTP Response Header Parsing Overflows (CTX134303)

The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser. The installed version of this control...

CVSS 9.3 · AI score 6.7 · EPSS 0.1761
Exploits: 0 · References: 5