Lucene search
+L

278 matches found

OSV
OSV
added 2025/09/02 3:38 p.m.4 views

SUSE-SU-2025:03051-1 Security update for python-eventlet

This update for python-eventlet fixes the following issues: - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-8004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server ATS. This affects versio...

6.5CVSS6.8AI score0.06308EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-7238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later...

7.5CVSS6.9AI score0.03617EPSS
Exploits1References2
OSV
OSV
added 2025/08/08 9:11 a.m.2 views

SUSE-SU-2025:02739-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo leakage in URIjoin, URImerge and URI+ bsc1237805...

6.5CVSS5.7AI score0.00472EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.11 views

TencentOS Server 3: nodejs:18 (TSSA-2024:0177)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0177 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2CVSS7AI score0.87211EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.11 views

CVE-2021-41442

An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet...

7.5CVSS7AI score0.03552EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.7 views

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

7.8CVSS7.4AI score0.0995EPSS
Exploits6
OpenVAS
OpenVAS
added 2025/03/19 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2025-1298)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.01043EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/12 1:44 p.m.1 views

HTTP Request Smuggling

Overview io.ktor:ktor-network-tls-jvm is a framework for quickly creating web applications in Kotlin with minimal effort. Affected versions of this package are vulnerable to HTTP Request Smuggling due to a race condition between multiple coroutines using the same thread. Remediation Upgrade...

6.9CVSS6.9AI score0.00305EPSS
Exploits0References2
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS10AI score0.02286EPSS
Exploits6
Oracle linux
Oracle linux
added 2025/03/05 12:0 a.m.31 views

squid security update

7:3.5.20-17.0.5.13 - Fixed cve 2023-46846 for http and icap request/response smuggling Orabug: 37326730...

9.3CVSS7.4AI score0.05298EPSS
Exploits0
OSV
OSV
added 2025/02/03 9:17 a.m.2 views

SUSE-SU-2025:20101-1 Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: - VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 - BUG/MINOR: cfgparse-listen: fix option httpslog...

5.3CVSS6.2AI score0.01043EPSS
Exploits0References3
Amazon
Amazon
added 2024/12/19 12:0 a.m.12 views

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

8.4CVSS7.8AI score0.00933EPSS
Exploits2
Amazon
Amazon
added 2024/12/19 12:0 a.m.4 views

Important: ruby

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7AI score0.00393EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2024/12/17 12:35 p.m.4 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

8.7CVSS7.5AI score0.00933EPSS
Exploits2References12
OSV
OSV
added 2024/11/11 8:15 p.m.4 views

UBUNTU-CVE-2024-52530

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...

7.5CVSS6.8AI score0.00793EPSS
Exploits1References7
Veracode
Veracode
added 2024/10/15 7:39 a.m.11 views

HTTP Smuggling

org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...

5.3CVSS6.6AI score0.00649EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/08 4:26 p.m.14 views

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS5.2AI score0.00649EPSS
Exploits0References4
CVE
CVE
added 2024/10/08 4:26 p.m.76 views

CVE-2024-9622

CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...

5.3CVSS5.2AI score0.00649EPSS
Exploits0References4
OSV
OSV
added 2024/09/22 1:15 a.m.12 views

UBUNTU-CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.8AI score0.00393EPSS
Exploits0References5
Rows per page
Query Builder