Lucene search

10 matches found

Github Security Blog
added 2026/01/05 11:9 p.m. · 10 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary: The parser allows non-ASCII decimals to be present in the Range header. Impact: There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. Patch:...

CVSS 6.9 · AI score 6.9 · EPSS 0.00236
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2025/08/19 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-23959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x...

CVSS 9.1 · AI score 7.1 · EPSS 0.01957
Exploits 0 · References 2
Tenable Nessus
added 2025/08/11 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server ...

CVSS 9.1 · AI score 6.7 · EPSS 0.00724
Exploits 0 · References 4
OpenVAS
added 2025/06/11 12:0 a.m. · 7 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1585)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 · AI score 9.8 · EPSS 0.00724
Exploits 0 · References 2
Tenable Nessus
added 2025/03/05 12:0 a.m. · 13 views

Linux Distros Unpatched Vulnerability : CVE-2023-40167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the...

CVSS 5.3 · AI score 7 · EPSS 0.01069
Exploits 0 · References 3
Positive Technologies
added 2023/11/13 12:0 a.m. · 21 views

PT-2023-8633

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.0-M10; Apache Tomcat versions 10.1.0-M1 through 10.1.15; Apache Tomcat versions 9.0.0-M1 through 9.0.82; Apache Tomcat versions 8.5.0 through 8.5.95 Description: The issue is related to an Improper Inp...

CVSS 10 · AI score 7.1 · EPSS 0.99999
Exploits 114 · References 190
Positive Technologies
added 2023/10/06 12:0 a.m. · 13 views

PT-2023-8839 · Aiohttp +5

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.8.6 Description: The HTTP parser in aiohttp has numerous problems with header parsing, which could lead to request smuggling. This issue is related to the handling of Content-Length values, improper handling of NUL...

CVSS 7.8 · AI score 6.2 · EPSS 0.76875
Exploits 21 · References 89
RedHat Linux
added 2022/04/20 7:44 p.m. · 6 views

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...

CVSS 9.8 · AI score 7.1 · EPSS 0.28189
Exploits 0 · References 5
RedHat Linux
added 2022/04/20 7:30 p.m. · 7 views

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...

CVSS 9.8 · AI score 7.1 · EPSS 0.28189
Exploits 0 · References 5
RedHat Linux
added 2022/03/24 10:50 a.m. · 8 views

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...

CVSS 9.8 · AI score 7.1 · EPSS 0.28189
Exploits 0 · References 5