Lucene search
+L

11 matches found

osv
osv
added 3 days ago3 views

EEF-CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Summary Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode\headers/5 and Mint.HTTP1.decode\trailer\headers/4 functions in lib/mint/http1.ex accumulate every...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
osv
osv
added 4 days ago2 views

RLSA-2026:38847 Important: nginx:1.24 security, bug fix, and enhancement update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...

8.1CVSS7.4AI score0.03552EPSS
Exploits1References2
osv
osv
added 4 days ago3 views

ALSA-2026:38847 Important: nginx:1.24 security, bug fix, and enhancement update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...

9.2CVSS7.4AI score0.03552EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/03/19 10:47 p.m.6 views

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2025/09/17 11:17 a.m.9 views

CVE-2025-8411 XSS in Dokuzsoft Technology's E-Commerce Web Design Product

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...

7.1CVSS5.4AI score0.00185EPSS
Exploits0References2
hashicorp
hashicorp
added 2024/04/30 2:49 p.m.6 views

Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node

Summary Vault Enterprise, when configured with both performance standby nodes and an audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request header information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault...

5.5CVSS6.1AI score0.00169EPSS
Exploits0Affected Software1
redhat
redhat
added 2022/06/16 3:39 p.m.6 views

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1CVSS7.4AI score0.01131EPSS
Exploits0References4
redhat
redhat
added 2017/01/31 5:53 a.m.5 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.04544EPSS
Exploits0References4
redhat
redhat
added 2016/11/03 8:12 a.m.6 views

squid: some code paths fail to check bounds in string object

Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...

7.5CVSS7.2AI score0.08953EPSS
Exploits0References5
osv
osv
added 2016/01/08 7:59 p.m.5 views

UBUNTU-CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

3.7CVSS6.2AI score0.02364EPSS
Exploits0References4
osv
osv
added 2006/05/01 7:6 p.m.1 views

DEBIAN-CVE-2006-1989

Buffer overflow in the getdatabase function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers...

5.1CVSS9.7AI score0.0581EPSS
Exploits1References1
Rows per page
Query Builder