16 matches found
SUSE-SU-2026:1162-1 Security update for python-tornado
This update for python-tornado fixes the following issues: - CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903). - CVE-2025-67725: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254905). - CVE-2026-31958: parsing large...
EUVD-2025-37368
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
EUVD-2024-53519
Malicious code in bioql (PyPI)...
EUVD-2024-1159
Malicious code in bioql (PyPI)...
SUSE-SU-2025:02684-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting (bsc#1246477). - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them (bsc#1246305). - CVE-2024-47252: Fixed insufficie...
CVE-2025-30350
Directus and its storage-driver-s3 component are affected by a DoS-like asset unavailability vulnerability triggered by a burst of HEAD requests. Affected range: @directus/storage-driver-s3 versions prior to 12.0.1 (corresponding to Directus 9.22.0–11.5.0). When many HEAD checks occur, assets can...
FreeBSD : Gitlab -- Vulnerabilities (1a8c5720-e9cf-11ef-9e96-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1a8c5720-e9cf-11ef-9e96-2cf05da270f3 advisory. Gitlab reports: A CSP-bypass XSS in merge-request page; Denial of Service due to Unbounded Symb...
GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...
Envoy environmental issue vulnerability
Envoy is an open source distributed proxy server. Envoy suffers from an environmental issue vulnerability that stems from the ability to bypass certain requests, which could result in requests using a mixed-case scheme being denied...
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
MGASA-2017-0123 Updated 389-ds-base packages fix security vulnerability
An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. CVE-2017-2668...
CVE-2017-5668
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...
eabweb.txt
Easy Address Book Web Server Format String Vulnerability Software: Easy Address Book Web Server Version: 1.2 Website: http://www.efssoft.com/ Description: Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books easily...
CVE-2003-1228
Buffer overflow in the preparereply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path...
[Advisory] IISShield V1.0.2
Moderator please disregard last message. There were some problems with the webmailers. Original message follows: Hi all, A problem related to the denial of an Http Request in a specific byte check was encountered. The issue fixed is related to a very special situation which does not interfere...
CVE-1999-1035
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability...