21 matches found
CVE-2026-33658 Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...
MiracleLinux 9 : curl-7.76.1-23.el9 (AXSA:2023-5467:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5467:07 advisory. curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP proxy deny response...
MiracleLinux 8 : curl-7.61.1-30.el8 (AXSA:2023-5803:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5803:08 advisory. curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP proxy deny response...
CVE-2025-68148
The CVE-2025-68148 issue affects FreshRSS versions from 1.27.0 up to, but not including, 1.28.0. An attacker could globally deny access to feeds by manipulating proxy settings to generate a flood of 429 Retry-After responses, effectively making the instance unusable for most users. The vulnerability is addressed...
TencentOS Server 3: httpd:2.4 (TSSA-2025:0816)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0816 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2012-5255
Malware in sbrugna...
EUVD-2018-0743
Malware in sbrugna...
EUVD-2002-2264
Malware in sbrugna...
CVE-2024-25398
In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service...
curl: Use-after-free triggered by an HTTP proxy deny response
A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...
USN-5894-1 curl vulnerabilities
Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubunt...
OESA-2023-1006 curl security update
cURL is a computer software project providing a library, libcurl, and a command-line tool, curl, for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...
USN-5788-1 curl vulnerabilities
Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-43551 It was...
CVE-2008-1741
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.03 allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533...
CVE-2004-1035
Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when usin...
Cerbere Proxy DoS
Oversized Host: header causes infinite loop...
RHEL 2.1 : php (RHSA-2002:214)
PHP versions up to and including 4.2.2 contain vulnerabilities in the mail function, allowing local script authors to bypass safe mode restrictions and possibly allowing remote attackers to insert arbitrary mail headers or content. Updated 13 Jan 2003 Added fixed packages for the Itanium IA64...
(RHSA-2002:214) php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass safe mode restrictions and modify command line arguments to the MTA such as sendmail in the 5th argument to mail, altering MTA...