274 matches found
MiracleLinux 9 : squid-5.5-5.el9.1 (AXSA:2023-6560:03)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6560:03 advisory. SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and IC...
MiracleLinux 7 : rh-ruby27-ruby-2.7.3-129.el7 (AXSA:2021-1769:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1769:01 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted th...
MiracleLinux 9 : nodejs-nodemon-2.0.20-2.el9, nodejs-16.18.1-3.el9 (AXSA:2023-5057:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5057:01 advisory. minimist: prototype pollution CVE-2021-44906 nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: HTTP Request Smuggling due t...
MiracleLinux 9 : nodejs-nodemon-2.0.19-1.el9, nodejs-16.16.0-1.el9 (AXSA:2022-4073:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4073:01 advisory. nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-parent: Regular expression denial of service CVE-2020-28469...
MiracleLinux 8 : grafana-9.2.10-25.el8_10 (AXSA:2025-10021:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10021:06 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : grafana-pcp-5.1.1-11.el9_6 (AXSA:2025-10537:03)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10537:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
PT-2026-23085
Name of the Vulnerable Software and Affected Versions libsoup versions 2.4.1-2.74.3 through 2.4.1-2.74.3-17.1 libsoup versions 3.0.0-3.6.6 through 3.0.0-3.6.6-1.1 Description The libsoup library contains flaws related to HTTP/1 request smuggling. Specifically, the soup headers parse function...
Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling in Grafana (CVE-2025-22871)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Golang via Grafana. CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line...
PT-2025-52508
Name of the Vulnerable Software and Affected Versions Quest Coexistence Manager for Notes version 3.8.2045 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' exists in Quest Coexistence Manager for Notes Free/Busy Connector modules. This allows HTTP...
HTTP-Smuggling
HTTP-Smuggling simpel Practical lab for learning HTTP Request...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling (HRS) due to gunicorn
Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of wxo-rag-tool image Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads ...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-2500)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.4
Red Hat OpenShift Service Mesh 3.1.4 Red Hat OpenShift Service Mesh 3.1.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Fixes/Improvements: Updated to Istio version...
Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.7
Red Hat OpenShift Service Mesh 3.0.7 Red Hat OpenShift Service Mesh 3.0.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Security Fixes: istio-proxyv2-rhel9: AIOHTTP is...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to request smuggling due to the Netty package (CVE-2025-58056)
Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and...
macOS 15.x < 15.7.2 Multiple Vulnerabilities (125635)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.2. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe...
Tenable Identity Exposure < 3.77.14 Multiple Vulnerabilities (TNS-2025-23)
The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.14. It therefore contains vulnerable versions of third-party components .NET, SQL Server, and curl. Tenable has upgraded these components to address the potential impact of the issues,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-7840-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7840-1 advisory. It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of...
Linux Distros Unpatched Vulnerability : CVE-2025-55315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-1230)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1230 advisory. Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET...