Lucene search

15 matches found

NVD
added 2026/02/23 8:28 p.m. · 7 views

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5 CVSS · 0.00415 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/12/19 2:54 p.m. · 4 views

undertow: information leakage via HTTP/2 request header reuse

REJECTED CVE. A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this...

5.7 AI score
Exploits 0 · References 5

RedHat Linux
added 2024/10/01 8:3 a.m. · 21 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5 CVSS · 5.7 AI score · 0.02644 EPSS
Exploits 0 · References 4

CNNVD
added 2024/05/17 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the inability of the conntrack nf_confirm logic to handle cloned skbs referencing the same nf_conn entry, whi...

4.7 CVSS · 6.3 AI score · 0.00169 EPSS
Exploits 0 · References 7

OSV
added 2020/11/28 1:15 a.m. · 1 views

UBUNTU-CVE-2020-27218

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

4.8 CVSS · 6.8 AI score · 0.08113 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/11/28 12:0 a.m. · 5 views

PT-2020-16664 · Eclipse +3 · Eclipse Jetty +3

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.0.RC0 through 9.4.34.v20201102; Eclipse Jetty versions 10.0.0.alpha0 through 10.0.0.beta2; Eclipse Jetty versions 11.0.0.alpha0 through 11.0.0.beta2. Description: The issue occurs when GZIP request body inflation is...

7.5 CVSS · 7.6 AI score · 0.99999 EPSS
Exploits 21 · References 315

RedHat Linux
added 2020/11/04 1:47 a.m. · 8 views

varnish: not clearing pointer between two client requests leads to information disclosure

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the...

7.5 CVSS · 7 AI score · 0.01746 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/11/04 1:25 a.m. · 2 views

cyrus-imapd: privilege escalation in HTTP request

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

9.8 CVSS · 5.7 AI score · 0.02392 EPSS
Exploits 0 · References 5

CNVD
added 2020/04/09 12:0 a.m. · 2 views

Varnish Cache Information Disclosure Vulnerability

Varnish Cache is a set of reverse web caching servers. A security vulnerability exists in Varnish Cache that stems from a failure of the program to clear the pointer to the previous request when processing the next client request in the same connection. An attacker could exploit this vulnerabilit...

7.5 CVSS · 6.8 AI score · 0.01746 EPSS
Exploits 0

OSV
added 2020/04/08 11:15 p.m. · 2 views

DEBIAN-CVE-2019-20637

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the...

7.5 CVSS · 6 AI score · 0.01746 EPSS
Exploits 0 · References 1

OSV
added 2020/04/08 11:15 p.m. · 1 views

UBUNTU-CVE-2019-20637

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the...

7.5 CVSS · 7.1 AI score · 0.01746 EPSS
Exploits 0 · References 5

OSV
added 2019/11/15 4:15 a.m. · 2 views

DEBIAN-CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

9.8 CVSS · 8.2 AI score · 0.02392 EPSS
Exploits 0 · References 1

OSV
added 2019/11/15 4:15 a.m. · 0 views

UBUNTU-CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

9.8 CVSS · 7.1 AI score · 0.02392 EPSS
Exploits 0 · References 5

CNVD
added 2019/11/15 12:0 a.m. · 1 views

Cyrus IMAP elevation of privilege vulnerability (CNVD-2020-41522)

Cyrus IMAP is a free, open source email, contact and calendar server. Cyrus IMAP suffers from an elevation of privilege vulnerability that stems from the fact that HTTP requests can be interpreted in the authentication context of unrelated previous requests arriving over the same connection, whic...

9.8 CVSS · 7.4 AI score · 0.02392 EPSS
Exploits 0 · References 1

Positive Technologies
added 2019/11/15 12:0 a.m. · 1 views

PT-2019-15720 · Cyrus +5 · Cyrus Imap +5

Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 2.5.x through 2.5.13; Cyrus IMAP versions 3.x through 3.0.11. Description: The issue allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that...

9.8 CVSS · 7.1 AI score · 0.07622 EPSS
Exploits 0 · References 39