13 matches found
Koa has Host Header Injection via ctx.hostname
Summary Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing a @ symbol e.g., evil.com:[email protected] is received,...
CVE-2026-27959 Koa has Host Header Injection via `ctx.hostname`
Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004445)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004445 advisory. A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification...
SUSE CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0078)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on...
kernel: use-after-free in route4_change() in net/sched/cls_route.c
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.1.6)
The version of AOS installed on the remote host is prior to 6.0.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.1.6 advisory. - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way i...
CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:3675-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3675-1 advisory. - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver bsc1186063. - CVE-2021-3655: Fixed a missing size validations on inbound...
kernel: use-after-free in route4_change() in net/sched/cls_route.c
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
kernel: use-after-free in route4_change() in net/sched/cls_route.c
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
PT-2020-6664 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem, leading to a use-after-free condition. This issue allows unprivileged...