13 matches found
Astra Linux - vulnerability in squid
Versions of Squid before 4.15 and 5.x before 5.0.6 allowed remote servers to cause a denial of service, affecting the availability of all clients through an HTTP response. The issue is triggered by a header that is expected to exist in HTTP traffic, without any malicious intent on the part of the...
undici: Undici: HTTP header injection and request smuggling vulnerability
A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the upgrade option of client.request. This is possible because undici does not...
RGW DoS attack with empty HTTP header in S3 object copy
...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : WEBrick vulnerability (USN-7709-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7709-1 advisory. It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0. Vulnerability Details: CVEID: CVE-2025-48379. DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...
OpenBlow Security Vulnerability
OpenBlow is a web-based system for accepting anonymous reports and protecting the privacy of informants within an organization by OpenBlow Italy. A security vulnerability exists in OpenBlow that stems from a missing critical HTTP response header that could lead to cross-site scripting, clickjacki...
CVE-2015-6515
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header...
SUSE CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
Tungstenite Security Vulnerability
Snapview GmbH Tungstenite is a library from Snapview GmbH. A security vulnerability exists in Tungstenite 0.20.0 and earlier versions that originated from allowing an attacker to cause a denial of service (DoS) via a lengthened HTTP header in the client handshake...
USN-5833-1 python-future vulnerability
Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service...
Siemens SINEMA Remote Connect Server Security Feature Issue Vulnerability
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...
Apache MINA Security Vulnerability
Apache MINA is a web application framework from the Apache Foundation. A denial-of-service vulnerability exists in Apache MINA, which is caused by improper handling of HTTP message header requests in Apache MINA. An attacker could exploit this vulnerability to potentially cause an infinite loop i...
H2O Denial of Service Vulnerability (CNVD-2018-01617)
H2O is a set of open source Web server software. A denial of service vulnerability exists in H2O 2.2.2 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted HTTP/1 packet header...