4021 matches found

CNNVD
added 2026/05/25 12:0 a.m. | 6 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...

5.3 CVSS | 5.8 AI score | 0.0035 EPSS
Exploits 1 | References 5
CNNVD
added 2026/05/25 12:0 a.m. | 5 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 2.0.0 through 4.0.1, which stems from a failure to strip CRLF sequences in WebSocket upgrade code, which could lead to HTTP request/response splitting...

7.5 CVSS | 5.8 AI score | 0.00482 EPSS
Exploits 1 | References 5
CNNVD
added 2026/05/25 12:0 a.m. | 6 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percent-encode CRLF characters, potentially resulting in HTTP request splitting...

7.5 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 1 | References 5
Positive Technologies
added 2026/05/25 12:0 a.m. | 11 views

PT-2026-43071

Name of the Vulnerable Software and Affected Versions: hackney versions 0 through 4.0.0. Description: Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return (\r) or line feed characters in the URL query component before constructing...

7.5 CVSS | 5.9 AI score | 0.00394 EPSS
Exploits 1 | References 7
OSV
added 2026/05/22 1:18 p.m. | 7 views

OESA-2026-2402 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...

6.5 CVSS | 5.8 AI score | 0.00514 EPSS
Exploits 0 | References 5
OSV
added 2026/05/22 1:18 p.m. | 5 views

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

8.8 CVSS | 5.8 AI score | 0.00654 EPSS
Exploits 2 | References 10
OSV
added 2026/05/22 1:18 p.m. | 3 views

OESA-2026-2400 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...

6.5 CVSS | 5.8 AI score | 0.00514 EPSS
Exploits 0 | References 5
OSV
added 2026/05/22 1:18 p.m. | 7 views

OESA-2026-2398 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...

6.5 CVSS | 5.8 AI score | 0.00514 EPSS
Exploits 0 | References 5
RedhatCVE
added 2026/05/21 7:57 p.m. | 4 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 6 AI score | 0.00172 EPSS
Exploits 0 | References 1
NVD
added 2026/05/20 2:16 p.m. | 7 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 0.00172 EPSS
Exploits 0 | References 2
UbuntuCve
added 2026/05/20 2:16 p.m. | 5 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 5.9 AI score | 0.00172 EPSS
Exploits 0 | References 2
OSV
added 2026/05/20 2:16 p.m. | 2 views

UBUNTU-CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 6 AI score | 0.00172 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/05/20 1:58 p.m. | 4 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 6 AI score | 0.00172 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/20 1:58 p.m. | 35 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 0.00172 EPSS
Exploits 0 | References 1
CVE
added 2026/05/20 1:58 p.m. | 11 views

CVE-2026-22554

MediaInfoLib from MediaArea is affected by a channel-splitting heap-based buffer overflow. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, requiring user interaction and exposing high impact to confidentiality, integrity, and availability. No patch/version details or remediation a...

7.8 CVSS | 6 AI score | 0.00172 EPSS
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/05/20 1:58 p.m. | 7 views

EUVD-2026-31116

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 6 AI score | 0.00172 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/05/20 1:58 p.m. | 4 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8 CVSS | 6 AI score | 0.00172 EPSS
Exploits 0 | References 2 | Affected Software 1
AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Firefox incorrectly accepted a new line in an HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

8.1 CVSS | 7.5 AI score | 0.00885 EPSS
Exploits 0 | References 1
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When a content-length and a chunked encoding header were provided, the content-length took precedence, and the remaining part of the request body was interpreted as a pipelined request...

9.8 CVSS | 7.2 AI score | 0.03298 EPSS
Exploits 1 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When two content-length headers were provided, the system ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

9.8 CVSS | 7.5 AI score | 0.04083 EPSS
Exploits 1 | References 2