10 matches found
SUSE-SU-2026:1745-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can le...
CVE-2026-35213
CVE-2026-35213 affects the @hapi/content package: three regexes used to parse Content-Type and Content-Disposition headers enable Regular Expression Denial of Service (ReDoS) via crafted header values. All versions up to 6.0.0 are vulnerable; remediation is to upgrade to 6.0.1 where the issue is ...
CVE-2026-20067
Cisco reports CVE-2026-20067 affects multiple products running the Snort 3 detection engine. The root cause is incomplete error checking when parsing Multicast DNS fields of the HTTP header, exploitable by an unauthenticated, remote attacker sending crafted HTTP packets over the network. Successf...
EUVD-2025-27776
Malicious code in bioql PyPI...
CVE-2024-22081
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
PT-2023-9030 · Unknown +10 · Net/Textproto +10
Name of the Vulnerable Software and Affected Versions: net/textproto versions affected versions not specified Description: The issue is related to HTTP and MIME header parsing, which can allocate large amounts of memory even when parsing small inputs, potentially leading to a denial of service...
The vulnerability of the syntax analysis function for HTTP headers of TP-Link TL-R600VPN software routers allows a hacker to execute arbitrary code.
The vulnerability of the syntax analysis function for HTTP headers of TP-Link TL-R600VPN software lies in the fact that the operation is performed outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP...
DEBIAN-CVE-2006-3124
Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers...