21 matches found
EUVD-2018-19396
Malware in sbrugna...
CLSA-2025-1737153996 squid34: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
Carriage Return Line Feed (CRLF) Injection
Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...
CLSA-2024-1710436968 squid: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
CLSA-2024-1710436895 squid: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6380-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6380-1 advisory. Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into...
CVE-2023-27493 Envoy doesn't escape HTTP header values
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values ...
SUSE CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:0602)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0602 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Oracle Linux 8 : nodejs:12 (ELSA-2020-0598)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0598 advisory. nodejs 1:12.16.1-1 - Resolves: RHBZ1800393, RHBZ1800394, RHBZ1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging Tenable has extracted the...
PT-2020-19718 · None · Uvicorn
Name of the Vulnerable Software and Affected Versions: Uvicorn versions prior to 0.11.7 Description: The issue allows attackers to exploit HTTP response splitting by adding arbitrary headers to HTTP responses or returning an arbitrary response body when crafted input is used to construct HTTP...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11
Summary: IBM App Connect Enterprise V11 ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused ...
FreeBSD : Node.js -- multiple vulnerabilities (0032400f-624f-11ea-b495-000d3ab229d6)
Node.js reports: Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.j...
nodejs:12 security update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for...
Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...
CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
UBUNTU-CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
CVE-2019-15606
CVE-2019-15606 affects Node.js 10.x, 12.x and 13.x where trailing whitespace in HTTP header values can bypass header-based authorization. Public disclosures in Debian (DSA-4669-1) and Gentoo (GLSA-202003-48) confirm multiple vulnerabilities including 15606; Elastic KB notes DoS/HTTP‑smuggling implicati...
February 2020 Security Releases
February 2020 Security Releases Update 6-February-2020 Security releases available Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.js versions can be...
CVE-2015-6949
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values...