80 matches found
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...
CVE-2026-42584
Netty vulnerability CVE-2026-42584 affects Netty’s HttpClientCodec desynchronization between inbound responses and outbound requests when handling 1xx responses, occurring prior to Netty 4.2.13.Final and 4.1.133.Final. In the described sequence (GET then HEAD; server sends 103, then GET body, the...
crun security update
1.27-1 - update to https://github.com/containers/crun/releases/tag/1.27 - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-10.1.z - Resolves: RHEL-161416...
Linux Distros Unpatched Vulnerability : CVE-2026-26961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from...
RUSTSEC-2026-0034 HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerability...
CVE-2019-20492
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file SEC-516...
TencentOS Server 4: libcap (TSSA-2025:0254)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0254 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2016-10739)
In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...
EUVD-2019-9584
Malware in sbrugna...
EUVD-2019-5606
Malware in sbrugna...
USN-7761-1: PAM vulnerability
It was discovered that the PAM pam_access module incorrectly parsed certain rules as hostnames. An attacker could possibly use this issue to spoof hostnames and bypass access restrictions...
Linux Distros Unpatched Vulnerability : CVE-2016-4080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote...
CVE-2019-14400
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing SEC-479...
wget: Misinterpretation of input may lead to improper behavior
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...
RHEL 8 : php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read...
RHEL 7 : php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - oniguruma: Use-after-free in onig_new_deluxe in regext.c CVE-2019-13224 - main/streams/xp_socket.c in PHP 7....
Fortinet FortiProxy Security Vulnerability
Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining a variety of detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection. FortiProxy helps reduce bandwidth...
CVE-2024-39929
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...
SUSE CVE-2018-19837
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp...