Lucene search
12635 matches found

Tenable Nessus
added 2025/09/02 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

CVSS 5.3, AI score 6.8, EPSS 0.75353
Exploits: 1, References: 2

OSV
added 2025/09/01 6:33 p.m., 3 views

CLSA-2025-1756751597 squid: Fix of CVE-2023-46846

CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP...

CVSS 9.3, AI score 5.8, EPSS 0.05255
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/09/01 2:28 p.m., 7 views

Security Bulletin: SSH servers which implement file transfer protocols are vulnerable, which affects IBM watsonx.data

Summary: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. These can affect watsonx.data. Vulnerability Detail...

CVSS 7.5, AI score 6.6, EPSS 0.00868
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/09/01 2:8 p.m., 5 views

Security Bulletin: This vulnerability can lead to cache poisoning, data exposure, session manipulation, etc., which affects IBM watsonx.data

Summary Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning...

CVSS 7.5, AI score 6.6, EPSS 0.02996
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/08/31 3:27 p.m., 3 views

CVE-2025-9652

A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possib...

CVSS 5.4, AI score 5.9, EPSS 0.00256
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/31 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-8671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may...

CVSS 7.5, AI score 6, EPSS 0.04604
Exploits: 3, References: 3

RedhatCVE
added 2025/08/30 6:18 p.m., 7 views

CVE-2025-7775

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server OR NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS...

CVSS 9.8, AI score 7.6, EPSS 0.18973
Exploits: 2, References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-8794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerabilit...

CVSS 10, AI score 9.2, EPSS 0.88535
Exploits: 10, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-45103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked...

CVSS 8.1, AI score 7.2, EPSS 0.00886
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-9481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. CVE-2020-9481 Note that Nessus relies on the presence ...

CVSS 7.5, AI score 7.3, EPSS 0.02387
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-39897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have...

CVSS 5.3, AI score 5.7, EPSS 0.00893
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a...

AI score 6.8, EPSS 0.00393
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper...

CVSS 4.9, AI score 5.1, EPSS 0.00683
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-1944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content...

CVSS 9.8, AI score 8.1, EPSS 0.02667
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-21299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can...

CVSS 8.1, AI score 7.2, EPSS 0.04771
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-47641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...

CVSS 6.5, AI score 5.8, EPSS 0.00827
Exploits: 1, References: 2

OSV
added 2025/08/29 8:8 p.m., 5 views

GHSA-HW6F-RJFJ-J7J7 Eventlet affected by HTTP request smuggling in unparsed trailers

Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches Patches Problem has...

CVSS 6.3, AI score 6.8, EPSS 0.00363
Exploits: 0, References: 6

CloudLinux
added 2025/08/29 4:13 p.m., 9 views

php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

CVSS 9.8, AI score 7, EPSS 0.0079
Exploits: 1

NVD
added 2025/08/29 3:15 p.m., 3 views

CVE-2025-9652

A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possib...

CVSS 5.4, EPSS 0.00256
Exploits: 1, References: 5

CVE
added 2025/08/29 2:32 p.m., 12 views

CVE-2025-9652

Summary (CVE-2025-9652): Portabilis i-Educar up to 2.10 is affected by a cross-site scripting (XSS) flaw in the file /intranet/educar_transferencia_tipo_cad.php, via manipulation of the nm_tipo/desc_tipo arguments. The vulnerability originates from an unknown function in the Cadastrar tipo de tra...

CVSS 5.4, AI score 4, EPSS 0.00256
Exploits: 1, References: 5, Affected Software: 1