Lucene search
K

79 matches found

Cvelist
Cvelist
added 2026/02/13 11:58 a.m.41 views

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3CVSS0.0043EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/13 11:58 a.m.5 views

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3CVSS5.6AI score0.0043EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/13 11:58 a.m.8 views

CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3CVSS5.6AI score0.0043EPSS
Exploits0References3
CVE
CVE
added 2026/02/13 11:58 a.m.52 views

CVE-2026-2443

CVE-2026-2443 affects the libsoup HTTP library used in GNOME-based systems. The issue arises when processing crafted HTTP Range headers, where the library may incorrectly validate requested byte ranges, potentially allowing an out-of-bounds read via the embedded SoupServer component. The root cau...

5.3CVSS5.6AI score0.0043EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/02/13 11:58 a.m.7 views

CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3CVSS5.2AI score0.0043EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.8 views

libsoup 缓冲区错误漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a buffer error vulnerability, which stems from improper validation when handling specially crafted HTTP Range headers. This vulnerability may lead to unexpected access to memory on the server...

5.3CVSS6AI score0.0043EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-2443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may...

5.3CVSS6.2AI score0.0043EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005315 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such...

7.5CVSS5.6AI score0.01612EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/05 11:9 p.m.2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the parsing of Range headers. An attacker can potentially interfere with HTTP request processing by supplying non-ASCII decimals in the header, which may lead to unexpected parser mismatches. Remediation Upgra...

6.9CVSS7AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/28 8:38 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the FileResponse.parserangeheader method. An attacker can exhaust server CPU resources by sending a specially crafted HTTP Range header...

8.7CVSS6.8AI score0.00638EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/10/28 8:14 p.m.4 views

CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.1AI score0.00638EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-0768

Malicious code in bioql PyPI...

7.5CVSS6AI score0.01612EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-15756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide suppor...

7.5CVSS7.4AI score0.09513EPSS
Exploits0References2
OSV
OSV
added 2025/07/17 12:30 p.m.7 views

USN-7643-1 libsoup3, libsoup2.4 vulnerabilities

Jan Różański discovered that libsoup incorrectly handled range headers in an HTTP request. An attacker could possibly use this issue to cause libsoup to consume excessive memory, resulting in a denial of service. CVE-2025-32907 Alon Zahavi discovered that libsoup incorrectly handled memory when...

7.5CVSS6.9AI score0.00729EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.5 views

CVE-2021-37253

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application...

7.8CVSS7.1AI score0.02837EPSS
Exploits3References1
Ubuntu
Ubuntu
added 2024/08/19 12:28 a.m.40 views

USN-6837-2: Rack vulnerabilities

It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-25126 It was discovered that Rack...

7.5CVSS6.5AI score0.35376EPSS
Exploits2
OSV
OSV
added 2024/08/19 12:28 a.m.2 views

USN-6837-2 ruby-rack vulnerabilities

It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-25126 It was discovered that Rack...

7.5CVSS6.6AI score0.35376EPSS
Exploits2References4
OSV
OSV
added 2024/07/12 11:8 a.m.1 views

OESA-2024-1822 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

7.5CVSS6.8AI score0.01617EPSS
Exploits1References3
OSV
OSV
added 2024/07/12 11:8 a.m.4 views

OESA-2024-1820 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

7.5CVSS6.8AI score0.01617EPSS
Exploits1References3
OSV
OSV
added 2024/07/12 11:8 a.m.2 views

OESA-2024-1821 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

7.5CVSS6.8AI score0.01617EPSS
Exploits1References3
Rows per page
Query Builder