EUVD-2018-3789

Malware in sbrugna...

h11: h11 accepts some malformed Chunked-Encoding bodies

A flaw was found in the h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2025-1517)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...

UBUNTU-CVE-2023-52354

chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted...

ALPINE-CVE-2021-36159

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...

HackerOne: Account creation with invalid email addresses / email is accepting % and %0d%0a line termination chars

An account creation vulnerability was found where invalid email addresses containing '%' and '%0d%0a' line termination characters were accepted, allowing multiple unverified accounts to be created...

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation...

CVE-2018-11790

CVE-2018-11790 affects Apache OpenOffice 4.1.5 and earlier. The flaw is an arithmetic overflow in a string-length calculation when loading a document with an end-of-line termination smaller than the OS uses, triggered by handling virtual tables. Exploitation details are not explicitly provided in...