Lucene search
K

274 matches found

OSV
OSV
added 2025/08/08 9:11 a.m.2 views

SUSE-SU-2025:02739-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo leakage in URIjoin, URImerge and URI+ bsc1237805...

6.5CVSS5.7AI score0.00472EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.11 views

TencentOS Server 3: nodejs:18 (TSSA-2024:0177)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0177 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2CVSS7AI score0.87211EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.11 views

CVE-2021-41442

An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet...

7.5CVSS7AI score0.04583EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.5 views

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

7.8CVSS7.4AI score0.05416EPSS
Exploits6
OpenVAS
OpenVAS
added 2025/03/19 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2025-1298)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.01043EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/12 1:44 p.m.1 views

HTTP Request Smuggling

Overview io.ktor:ktor-network-tls-jvm is a framework for quickly creating web applications in Kotlin with minimal effort. Affected versions of this package are vulnerable to HTTP Request Smuggling due to a race condition between multiple coroutines using the same thread. Remediation Upgrade...

6.9CVSS6.9AI score0.00305EPSS
Exploits0References2
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS10AI score0.02286EPSS
Exploits6
Oracle linux
Oracle linux
added 2025/03/05 12:0 a.m.28 views

squid security update

7:3.5.20-17.0.5.13 - Fixed cve 2023-46846 for http and icap request/response smuggling Orabug: 37326730...

9.3CVSS7.4AI score0.05255EPSS
Exploits0
OSV
OSV
added 2025/02/03 9:17 a.m.2 views

SUSE-SU-2025:20101-1 Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: - VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 - BUG/MINOR: cfgparse-listen: fix option httpslog...

5.3CVSS6.2AI score0.01043EPSS
Exploits0References3
Amazon
Amazon
added 2024/12/19 12:0 a.m.3 views

Important: ruby

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7AI score0.00393EPSS
Exploits0
Amazon
Amazon
added 2024/12/19 12:0 a.m.11 views

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

8.4CVSS7.8AI score0.00933EPSS
Exploits2
SUSE Linux
SUSE Linux
added 2024/12/17 12:35 p.m.4 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

8.7CVSS7.5AI score0.00933EPSS
Exploits2References12
OSV
OSV
added 2024/11/11 8:15 p.m.1 views

UBUNTU-CVE-2024-52530

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...

7.5CVSS6.8AI score0.00793EPSS
Exploits1References7
Veracode
Veracode
added 2024/10/15 7:39 a.m.10 views

HTTP Smuggling

org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...

5.3CVSS6.6AI score0.00653EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/08 4:26 p.m.14 views

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS5.2AI score0.00653EPSS
Exploits0References4
CVE
CVE
added 2024/10/08 4:26 p.m.74 views

CVE-2024-9622

CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...

5.3CVSS5.2AI score0.00653EPSS
Exploits0References4
OSV
OSV
added 2024/09/22 1:15 a.m.4 views

UBUNTU-CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.8AI score0.00393EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 8 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: memory leak in IPv4 Off Handler CVE-2022-3638 Note that Nessus has not tested for this issue but has instead...

6.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/18 1:56 a.m.112 views

Moderate: Red Hat Security Advisory: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements

An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Red Hat Product Security has rated this update as having a security impact of Moderate. A...

7.5CVSS6.5AI score0.76875EPSS
Exploits22References19
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.61 views

CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5CVSS7.7AI score0.02996EPSS
Exploits0References2
Rows per page
Query Builder