SUSE-SU-2026:2078-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

Astra Linux - уязвимость в golang-1.15

In Go versions before 1.15.13 and 1.16.x, as well as before 1.16.5, certain configurations of ReverseProxy from net/http/httputil lead to a situation where an attacker can drop arbitrary headers...

Information Exposure

Overview std/net/http/httputil is a Go standard library package std/net/http/httputil Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrit...

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. CVE-2025-67725: quadratic complexity of string concatenation...

EUVD-2021-22841

Malware in sbrugna...

bookstore 安全漏洞

bookstore is an e-commerce bookstore system by donglight individual developer. A security vulnerability exists in bookstore version 1.0.0, which originates from the parameter url in the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java that can lead to a server-side request forgery attack...

PT-2025-2053 · Unknown · Donglight Bookstore

Name of the Vulnerable Software and Affected Versions: donglight bookstore versions 1.0.0 Description: A critical issue affects the getHtml function of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the url argument leads to server-side request forgery, allowing...

RHEL 8 : heketi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty CVE-2021-33197 ...

RHEL 7 / 8 : OpenShift Virtualization 2.6.10 RPMs (RHSA-2022:1402)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1402 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...

RHEL 8 : Release of OpenShift Serverless Client kn 1.27.0 (Moderate) (RHSA-2023:0708)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0708 advisory. Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered a...

RHEL 7 / 8 : OpenShift Virtualization 4.12.0 RPMs (RHSA-2023:0407)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0407 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains...

RHEL 8 : Red Hat Application Interconnect 1.0 Release (rpms) (Important) (RHSA-2022:6113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6113 advisory. This release addresses several security issues in the underlying golang compiler by moving to golang version 1.17.12. Security Fixes:...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

CentOS 9 : grafana-pcp-3.2.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the grafana-pcp-3.2.0-2.el9 build changelog. - net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - io/fs: stack exhaustion in Glob CVE-2022-30630 -...

CVE-2023-49250 Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle MITM attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

CVE-2023-49250 Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle MITM attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

Moderate: Red Hat Security Advisory: container-tools:4.0 security update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

RHEL 8 : Image Builder (RHSA-2023:2780)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2780 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood...