cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

CLSA-2025-1758289909 Fix CVE(s): CVE-2025-1735, CVE-2025-1736

SECURITY UPDATE: Inadequate validation in pgsql and pdopgsql functions - debian/patches/CVE-2025-1735.patch: add error checks for escape function in pgsql and pdopgsql extensions to prevent potential security issues - CVE-2025-1735 SECURITY UPDATE: Insufficient HTTP header validation -...

CVE-2023-49564

CVE-2023-49564 : The CBIS/NCS Manager API is vulnerable to an authentication bypass. A specially crafted HTTP header from an unauthenticated user can access restricted API functions. Root cause is a weak verification mechanism in the authentication implementation within the Nginx Podman container...

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better Glyph drawing. CVE-2025-30749 Enhance TLS protocol support. CVE-2025-30754 Improve scripting supports. CVE-2025-30761 Improve HTTP client header handling. CVE-2025-50059 Better Glyph drawing redux. CVE-2025-50106...

MGASA-2025-0233 Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better Glyph drawing. CVE-2025-30749 Enhance TLS protocol support. CVE-2025-30754 Improve scripting supports. CVE-2025-30761 Improve HTTP client header handling. CVE-2025-50059 Better Glyph drawing redux. CVE-2025-50106...

CVE-2025-10485 pojoin h3blog HTTP Header login ppt_log cross site scripting

A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function pptlog of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. The attack may be...

CVE-2025-10392

The CVE-2025-10392 entry concerns Mercury KM08-708H GiGA WiFi Wave2 1.1.14. Affects the HTTP Header Handler component, where manipulating the Host argument causes a stack-based buffer overflow. The vulnerability is exploitable remotely, with exploit code publicly available. Documents indicate a C...

Security update for python-h2

This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

Security Bulletin: Multiple vulnerabilities found in IBM Security Verify Information Queue

Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue ISIQ Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and...

CLSA-2025-1757016160 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/httpfopenwrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CLSA-2025-1757014652 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/httpfopenwrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CVE-2025-40927

An HTTP response splitting flaw was found in the CGI::Simple Perl module. This flaw in CGI::Simple allows HTTP response header injection, which can be used for a reflected cross-site scripting XSS attack or an open redirect under certain conditions. Although some validation exists, it can be...

Linux Distros Unpatched Vulnerability : CVE-2025-40927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that...

Linux Distros Unpatched Vulnerability : CVE-2015-5740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request...

Linux Distros Unpatched Vulnerability : CVE-2021-23400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed...

Linux Distros Unpatched Vulnerability : CVE-2023-36478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer...

SUSE CVE-2025-40927

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...

Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...