85 matches found
EUVD-2026-38279
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
CVE-2026-12549
The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...
Linux Distros Unpatched Vulnerability : CVE-2026-12549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...
Windows Persistence Bits Job
This module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots until...
EUVD-2026-17608
Parser Server's streaming file download bypasses afterFind file trigger authorization...
EUVD-2000-0345
Malware in sbrugna...
EUVD-2018-19717
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-31808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack against all...
Important: libsoup
Issue Overview: A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. CVE-2025-32906 A flaw was found in libsoup. The implementation of...
Important: libsoup
Issue Overview: A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. CVE-2025-32906 A flaw was found in libsoup. The implementation of...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...
libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...
CVE-2025-32907
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...
CVE-2025-32907 Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...
CVE-2025-32907
CVE-2025-32907 concerns the libsoup HTTP range handling, enabling a resource consumption attack where a malicious client can request the same range multiple times in a single HTTP request, causing the server to allocate large memory. The primary affected component is libsoup, with multiple adviso...
The vulnerability of the Range Request Forward function in the Cisco AsyncOS operating system of Cisco Secure Web Appliances allows attackers to circumvent security restrictions and write arbitrary files.
The vulnerability of the Range Request Forward function in the Cisco AsyncOS operating system of Cisco Secure Web Appliances is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and write arbitrary files...
Cisco Secure Web Appliance Range Request Bypass (cisco-sa-swa-range-bypass-2BsEHYSu)
According to its self-reported version, Cisco Secure Web Appliance Range Request Bypass is affected by a vulnerability. - A vulnerability in a policy-based Cisco Application Visibility and Control AVC implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an...
Cisco Secure Web Appliance Range Request Bypass Vulnerability
A vulnerability in a policy-based Cisco Application Visibility and Control AVC implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. The vulnerability i...
Internet Bug Bounty: Possible DoS Vulnerability with Range Header in Rack
A potential denial-of-service vulnerability was discovered in the Rack web server interface for Ruby. The vulnerability was assigned the CVE identifier CVE-2024-26141 and affected versions of Rack 1.3.0 and later. The vulnerability was caused by carefully crafted Range request headers, which coul...
SUSE-SU-2024:1131-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing bsc1220239. - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing bsc1220242. - CVE-2024-26146: Fixed a...