
16575 matches found

Tenable Nessus
added 2025/09/03 12:0 a.m., 5 views

Debian dla-4289 : python-eventlet-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4289 advisory. Debian LTS Advisory DLA-4289-1 [email protected] https://www.debian.org/lts/security/...

CVSS 9.1 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 4
Debian
added 2025/09/02 2:38 p.m., 10 views

[SECURITY] [DLA 4289-1] python-eventlet security update

Debian LTS Advisory DLA-4289-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand, September 02, 2025, https://wiki.debian.org/LTS. Package: python-eventlet; Version: 0.26.1-7+deb11u2; CVE ID: CVE-2025-58068; Debian Bug: CVE-2025-58068. Eventlet is a concurrent networkin...

CVSS 9.1 | AI score 5.8 | EPSS 0.00363
Exploits: 0
Tenable Nessus
added 2025/09/02 12:0 a.m., 6 views

SUSE SLES15 Security Update : ruby2.5 (SUSE-SU-2025:02739-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02739-2 advisory. - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo...

CVSS 6.5 | AI score 6.4 | EPSS 0.00472
Exploits: 0 | References: 7
SUSE CVE
added 2025/09/01 11:22 p.m., 2 views

SUSE CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...

CVSS 6.5 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 5
IBM Security Bulletins
added 2025/09/01 2:8 p.m., 5 views

Security Bulletin: This vulnerability can lead to cache poisoning, data exposure, session manipulation, etc , which affects IBM watsonx.data

Summary: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning...

CVSS 7.5 | AI score 6.6 | EPSS 0.02996
Exploits: 0 | Affected Software: 1
OSV
added 2025/09/01 1:5 p.m., 3 views

SUSE-SU-2025:02739-2 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo leakage in URIjoin, URImerge and URI+ bsc1237805...

CVSS 6.5 | AI score 7.3 | EPSS 0.00472
Exploits: 0 | References: 5
RedhatCVE
added 2025/08/31 12:4 a.m., 2 views

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

CVSS 4 | AI score 7.1 | EPSS 0.00248
Exploits: 0 | References: 1
NVD
added 2025/08/29 10:15 p.m., 3 views

CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...

CVSS 9.1 | EPSS 0.00363
Exploits: 0 | References: 4
Snyk
added 2025/08/29 9:42 p.m., 4 views

HTTP Request Smuggling

Overview: eventlet is a highly concurrent networking library. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper handling of HTTP trailer sections in the wsgi parser. An attacker can bypass front-end security controls, launch targeted attacks against active site...

CVSS 9.1 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/29 9:12 p.m., 3 views

CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...

CVSS 6.3 | AI score 6 | EPSS 0.00363
Exploits: 0 | References: 3
Debian CVE
added 2025/08/29 9:12 p.m., 5 views

CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...

CVSS 9.1 | AI score 5.5 | EPSS 0.00363
Exploits: 0
Github Security Blog
added 2025/08/29 8:8 p.m., 4 views

Eventlet affected by HTTP request smuggling in unparsed trailers

Impact: The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: bypass front-end security controls; launch targeted attacks against active site users; poison web caches. Patches: Problem has...

CVSS 9.1 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 6 | Affected Software: 1
Debian
added 2025/08/29 6:10 p.m., 6 views

[SECURITY] [DSA 5991-1] nodejs security update

Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff, August 29, 2025, https://www.debian.org/security/faq ...

CVSS 8.2 | AI score 8.1 | EPSS 0.87211
Exploits: 1
IBM Security Bulletins
added 2025/08/29 10:45 a.m., 8 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Aug 2025

Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.2 IF001. Vulnerability Details: CVEID: CVE-2025-53643. DESCRIPTION: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python...

CVSS 7.5 | AI score 8 | EPSS 0.60841
Exploits: 4 | Affected Software: 1
NVD
added 2025/08/29 1:15 a.m., 4 views

CVE-2025-54142

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...

CVSS 4 | EPSS 0.00248
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/29 12:0 a.m., 2 views

Debian dsa-5991 : libnode-dev - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5991 advisory. Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/securit...

CVSS 8.2 | AI score 7.4 | EPSS 0.87211
Exploits: 1 | References: 18
Akamai Blog
added 2025/08/27 7:0 p.m., 5 views

CVE-2025-54142: HTTP Request Smuggling via OPTIONS + Body

Learn how Akamai InfoSec mitigated CVE-2025-54142 — an HTTP request smuggling vulnerability arising from OPTIONS requests with a body...

CVSS 4 | AI score 7 | EPSS 0.00248
Exploits: 0
Tenable Nessus
added 2025/08/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-21245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. CVE-2018-21245 Note that Nessus relies on the presence of the package as...

CVSS 9.8 | AI score 8.1 | EPSS 0.02893
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/24 7:26 p.m., 5 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8 | AI score 7.5 | EPSS 0.00308
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-15039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the...

CVSS 6.5 | AI score 5.9 | EPSS 0.00426
Exploits: 0 | References: 2