
Github Security Blog
added 2026/05/07 3:46 a.m.

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header

Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...

CVSS 6.3 | AI score 5.9 | EPSS 0.00031
Exploits 0 | References 6 | Affected software 1
Tenable Nessus
added 2026/04/04 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-32762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwarded_values parses the RFC 72...

CVSS 6.5 | AI score 5.7 | EPSS 0.00048
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2019-7904

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.01208
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2019-7902

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.01409
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2020-12751

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.01208
Exploits 0 | References 3
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2023-0462

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.8 | EPSS 0.00074
Exploits 1 | References 9
Tenable Nessus
added 2025/08/30 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2020-1944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content...

CVSS 9.8 | AI score 8.1 | EPSS 0.01208
Exploits 0 | References 2
RedHat Linux
added 2025/05/29 8:50 a.m.

Important: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 5.4 | AI score 6.4 | EPSS 0.0029
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 5:40 p.m.

CVE-2020-1944

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content-Length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions...

CVSS 9.8 | AI score 6.7 | EPSS 0.01208
Exploits 0
RedhatCVE
added 2025/05/22 7:14 a.m.

CVE-2019-17565

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions...

CVSS 9.8 | AI score 6.7 | EPSS 0.01208
Exploits 0 | References 1
Redos
added 2024/08/20 12:00 a.m.

ROS-20240820-06

The aiohttp HTTP client vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to perform an "HTTP request smuggling" attack...

AI score 7.2
Exploits 0
Tenable Nessus
added 2024/04/28 12:00 a.m.

RHEL 8 / 9 : OpenShift Container Platform 4.12.8 (RHSA-2023:1268)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1268 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 9.1 | AI score 7.2 | EPSS 0.17535
Exploits 0 | References 7
OSV
added 2024/04/08 9:35 a.m.

SUSE-SU-2024:1149-1 Security update for postfix

This update for postfix fixes the following issues: - CVE-2023-51764: Prevent SMTP smuggling attack. bsc1218304...

CVSS 5.3 | AI score 6.7 | EPSS 0.2846
Exploits 4 | References 4
OSV
added 2024/03/06 11:09 a.m.

BIT-TOMCAT-2022-42252 Apache Tomcat request smuggling via malformed content-length

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0 to 9.0.67, 10.0.0 to 10.0.26 or 10.1.0 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header, making a request...

CVSS 7.5 | AI score 6.7 | EPSS 0.0029
Exploits 0 | References 3
OpenVAS
added 2024/03/04 12:00 a.m.

openSUSE: Security Advisory for postfix (SUSE-SU-2023:4981-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 5.4 | EPSS 0.2846
Exploits 4 | References 2
OpenVAS
added 2024/03/04 12:00 a.m.

openSUSE Security Advisory (SUSE-SU-2024:0012-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 5.3 | EPSS 0.2846
Exploits 4 | References 5
OSV
added 2024/03/01 8:44 p.m.

SUSE-SU-2024:0743-1 Security update for sendmail

This update for sendmail fixes the following issues: - CVE-2023-51765: Fixed new SMTP smuggling attack. bsc1218351...

CVSS 5.3 | AI score 5.2 | EPSS 0.00837
Exploits 2 | References 3
CNNVD
added 2024/02/27 12:00 a.m.

Apache James Input Validation Error Vulnerability

Apache James is an open source SMTP and POP3 mail transfer agent and NNTP news server from the Apache Foundation, written entirely in Java. An input validation error vulnerability exists in Apache James versions prior to 3.8.1 and prior to 3.7.5, which stems from a difference in line separator...

CVSS 7.1 | AI score 6.8 | EPSS 0.00243
Exploits 0 | References 5
Tenable Nessus
added 2024/01/24 12:00 a.m.

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2024-035 (ALASNITRO-ENCLAVES-2024-035)

The version of containerd installed on the remote host is prior to 1.7.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-035 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...

AI score 5.6
Exploits 0 | References 2
Tenable Nessus
added 2024/01/24 12:00 a.m.

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2024-035 (ALASDOCKER-2024-035)

The version of containerd installed on the remote host is prior to 1.7.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-035 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

AI score 5.6
Exploits 0 | References 2