Lucene search
K

38 matches found

NVD
NVD
added 2026/06/30 1:19 p.m.8 views

CVE-2026-58013

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

8.2CVSS0.00329EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

UBUNTU-CVE-2026-58013

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

8.2CVSS5.9AI score0.00329EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/30 12:57 p.m.37 views

CVE-2026-58013 Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

6.5CVSS0.00329EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 12:57 p.m.7 views

CVE-2026-58013

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

6.5CVSS5.9AI score0.00329EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/09 2:27 p.m.11 views

EUVD-2026-31440

shell-quote quote does not escape newlines in object .op values...

9.2CVSS5.4AI score0.00848EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:34 p.m.8 views

CVE-2026-44214

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS6AI score0.00277EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 7:34 p.m.11 views

CVE-2026-44214 eventsource-encoder: SSE event injection via unsanitized event and id fields

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS5.9AI score0.00277EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/26 7:34 p.m.17 views

EUVD-2026-31968

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS5.9AI score0.00277EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.25 views

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

8.1CVSS5.9AI score0.00848EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Waitress

Waitress, in version 1.3.1, implemented a “MAY” clause from RFC7230. This clause states: “Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.” Unfortunately, if a front-end...

7.5CVSS6.2AI score0.02714EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Netty

Netty is an asynchronous event-driven network application framework for developing maintainable, high-performance protocol servers and clients. In versions 4.1.124.Final and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line terminato...

7.5CVSS6.6AI score0.00631EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.47 views

PT-2026-39241

Name of the Vulnerable Software and Affected Versions eventsource-encoder versions prior to 1.0.2 Description The software fails to sanitize the event and id fields of an EventSourceMessage before serialization in the encodeMessage function. An attacker who controls these fields can inject...

5.8CVSS6AI score0.00277EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

9.1CVSS7AI score0.00724EPSS
Exploits0References4
OSV
OSV
added 2026/01/30 4:44 p.m.16 views

CLEANSTART-2026-SB25660 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the falcosidekick-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00724EPSS
Exploits0References37
OSV
OSV
added 2026/01/30 3:43 p.m.6 views

CLEANSTART-2026-ME47927 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the consul-k8s-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00724EPSS
Exploits0References8
OSV
OSV
added 2026/01/30 3:42 p.m.4 views

CLEANSTART-2026-PA85871 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the consul-k8s-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00724EPSS
Exploits0References8
OSV
OSV
added 2026/01/30 3:31 p.m.2 views

CLEANSTART-2026-PG91940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the harbor-registry package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00724EPSS
Exploits2References33
OSV
OSV
added 2026/01/30 3:13 p.m.24 views

CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00804EPSS
Exploits0References17
OSV
OSV
added 2026/01/30 3:12 p.m.11 views

CLEANSTART-2026-CR41732 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00804EPSS
Exploits0References17
Rows per page
Query Builder