4510 matches found

Tenable Nessus
•added 2025/08/13 12:0 a.m.•6 views

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2025:02767-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02767-1 advisory. - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. -...

CVSS 7.5 • AI score 6.7 • EPSS 0.00586
Exploits: 1 • References: 12
CERT
•added 2025/08/13 12:0 a.m.•12 views

HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

Overview A vulnerability has been discovered within many HTTP/2 implementations allowing for denial of service DoS attacks through HTTP/2 control frames. This vulnerability is colloquially known as "MadeYouReset" and is tracked as CVE-2025-8671. Some vendors have assigned a specific CVE to their...

CVSS 7.5 • AI score 7.1 • EPSS 0.06887
Exploits: 3 • References: 18
FreeBSD
•added 2025/08/13 12:0 a.m.•8 views

www/varnish7 -- Denial of Service in HTTP/2

Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for th...

CVSS 7.5 • AI score 7.2 • EPSS 0.06887
Exploits: 3 • References: 1
NVD
•added 2025/08/12 7:15 p.m.•3 views

CVE-2023-45584

A double free vulnerability CWE-415 vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0...

CVSS 7.2 • EPSS 0.00535
Exploits: 0 • References: 1
NVD
•added 2025/08/12 3:15 a.m.•3 views

CVE-2025-42945

SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...

CVSS 6.1 • EPSS 0.00189
Exploits: 0 • References: 2
Positive Technologies
•added 2025/08/12 12:0 a.m.•5 views

PT-2025-32606 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: SAP NetWeaver Application Server ABAP is susceptible to an HTML injection issue. An attacker can construct a URL containing a malicious script as a payload,...

CVSS 6.1 • AI score 6.9 • EPSS 0.00189
Exploits: 0 • References: 5
CNNVD
•added 2025/08/12 12:0 a.m.•3 views

Google Chrome buffer error vulnerability

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome, which can be exploited by remote attackers to perform out-of-bounds memory access via a crafted HTML page...

CVSS 8.8 • AI score 6.5 • EPSS 0.00289
Exploits: 0 • References: 5
Tenable Nessus
•added 2025/08/12 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-5986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without promptin...

CVSS 6.5 • AI score 6.4 • EPSS 0.00466
Exploits: 0 • References: 2
NVD
•added 2025/08/11 10:15 p.m.•5 views

CVE-2025-25235

Server-Side Request Forgery SSRF in Omnissa Secure Email Gateway SEG in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVSS 8.6 • EPSS 0.00276
Exploits: 0 • References: 1
OSV
•added 2025/08/11 3:33 p.m.•1 views

BIT-LIBPYTHON-2025-6069 HTMLParser quadratic complexity when processing malformed inputs

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVSS 4.3 • AI score 7.1 • EPSS 0.00462
Exploits: 0 • References: 11
OSV
•added 2025/08/11 1:54 p.m.•3 views

BIT-LIBPHP-2025-1217 Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

CVSS 6.3 • AI score 7.1 • EPSS 0.00526
Exploits: 1 • References: 4
OSV
•added 2025/08/11 1:54 p.m.•3 views

BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVSS 7.5 • AI score 7.2 • EPSS 0.01077
Exploits: 1 • References: 4
OSV
•added 2025/08/11 1:54 p.m.•4 views

BIT-LIBPHP-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...

CVSS 8.8 • AI score 8 • EPSS 0.03686
Exploits: 65 • References: 3
OSV
•added 2025/08/11 1:54 p.m.•4 views

BIT-LIBPHP-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVSS 9.8 • AI score 7.5 • EPSS 0.99987
Exploits: 64 • References: 24
OSV
•added 2025/08/11 1:54 p.m.•2 views

BIT-LIBPHP-2024-11233 Single byte overread with convert.quoted-printable-decode filter

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

CVSS 8.2 • AI score 7.3 • EPSS 0.01618
Exploits: 1 • References: 4
IBM Security Bulletins
•added 2025/08/11 1:40 p.m.•2 views

Security Bulletin: Astronomer with IBM is vulnerable to memory consumption and denial of service due to the net/http package (CVE-2021-44716, CVE-2022-27664)

Summary net/http is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...

CVSS 7.5 • AI score 6.8 • EPSS 0.03958
Exploits: 0 • Affected Software: 1
Cvelist
•added 2025/08/11 1:3 p.m.•10 views

CVE-2025-8863

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...

CVSS 7 • EPSS 0.00219
Exploits: 0 • References: 1
Vulnrichment
•added 2025/08/11 1:3 p.m.•4 views

CVE-2025-8863

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...

CVSS 7 • AI score 6.8 • EPSS 0.00219
Exploits: 0 • References: 1
SUSE Linux
•added 2025/08/11 6:20 a.m.•3 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318 Patch Instructions: To install...

CVSS 8.2 • AI score 8.4 • EPSS 0.0196
Exploits: 0 • References: 8
OSV
•added 2025/08/11 6:20 a.m.•2 views

SUSE-SU-2025:02745-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318...

CVSS 7.5 • AI score 7.4 • EPSS 0.0196
Exploits: 0 • References: 5