12457 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fixed the memory leak in the elf header buffer. This issue was reported by the kmemleak detector: Unreferenced object 0xffffc900002a9000 size 4096: Command: "kexec", PID: 14950, Jiffies: 4295110793 Age: 373.951 seconds...
Astra Linux - уязвимость в firefox
The fetch API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these additiona...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: i3c: mipi-i3c-hci: Fixed out-of-bounds access in hcidmairqhandler. Do not loop over ring headers in hcidmairqhandler, which are not allocated and enabled in hcidmainit. Otherwise, out-of-bounds access will occur when accessing...
Astra Linux - уязвимость в golang-1.23
The HTTP client discards sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header, which is redirected to b.com/, will not send that header to b.com. However, if the client receives a subsequent same-domain redirect, the...
Astra Linux - уязвимость в python3.11, python3.7
User-controlled header names and values containing newlines can allow for the injection of HTTP headers...
Astra Linux - уязвимость в nodejs
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
Linux Distros Unpatched Vulnerability : CVE-2026-8368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects. On a 3xx response, the redirect...
Caddy CVE-2026-30852 Fix Bypass
TL;DR CVE-2026-30852 fixed double expansion in varsregexp when the variable key is a placeholder e.g. http.vars.x. The fix does NOT protect literal key names e.g. tenantid. An attacker injects env.AWSSECRETACCESSKEY or file./etc/passwd via a request header → Caddy expands it on the second pass →...
GHSA-WWHQ-W58M-W29C Caddy CVE-2026-30852 Fix Bypass
TL;DR CVE-2026-30852 fixed double expansion in varsregexp when the variable key is a placeholder e.g. http.vars.x. The fix does NOT protect literal key names e.g. tenantid. An attacker injects env.AWSSECRETACCESSKEY or file./etc/passwd via a request header → Caddy expands it on the second pass →...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
GStreamer: GStreamer: Arbitrary code execution via ASF file processing
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...
GHSA-X97M-QP5C-W9XJ Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
Moderate: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...