
17 matches found

Circl
added 2026/03/19 12:0 a.m. | 2 views

CVE-2020-26142

creationtimestamp | type | source
---|---|---
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVSS 5.3 | AI score 5.7 | EPSS 0.0153
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 3:27 a.m. | 8 views

CVE-2023-26142

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n carriage return line feeds...

CVSS 6.5 | AI score 7.1 | EPSS 0.00219
Exploits 1 | References 1
Hacker One
added 2024/04/03 9:25 p.m. | 35 views

Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch

A ReDoS vulnerability was discovered in the Accept header parsing in Action Dispatch. The vulnerability was assigned the CVE identifier CVE-2024-26142. Affected versions were 7.1.0 to 7.1.3, while versions prior to 7.1.0 and 7.1.3.1 and later were not affected. The vulnerability was reported and ...

CVSS 7.5 | AI score 6.3 | EPSS 0.03542
Exploits 0
OSV
added 2024/02/27 9:41 p.m. | 42 views

GHSA-JJHX-JHVP-74WQ Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch. There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: < 7.1....

CVSS 7.5 | AI score 6.3 | EPSS 0.03542
Exploits 0 | References 6
RedhatCVE
added 2024/02/27 5:12 p.m. | 21 views

CVE-2024-26142

A flaw was found in actionpack rubygem during the parsing of the Accept header. This issue may allow a malicious actor to craft a header which will lead the action dispatch component to take an unexpected amount of time, leading to a Denial of Service, impacting the application's availability...

CVSS 5.9 | AI score 7.4 | EPSS 0.03542
Exploits 0 | References 4
CVE
added 2024/02/27 3:25 p.m. | 115 views

CVE-2024-26142

CVE-2024-26142 affects Rails, starting from version 7.1.0, where a ReDoS in the Accept header parsing of Action Dispatch was reported. The vulnerability is mitigated by upgrading to Rails 7.1.3.1; Rails applications using Ruby 3.2 or newer are reportedly unaffected due to Ruby 3.2 mitigations. T...

CVSS 7.5 | AI score 7.4 | EPSS 0.03542
Exploits 0 | References 5 | Affected Software 1
RubySec
added 2024/02/21 12:0 a.m. | 21 views

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: < 7.1.0 Fixed Versions: 7.1.3.1 Impact Carefully crafted Accept headers can cau...

CVSS 7.5 | AI score 7 | EPSS 0.03542
Exploits 0 | References 1 | Affected Software 1
Circl
added 2023/09/12 12:22 p.m. | 1 views

CVE-2023-26142

creationtimestamp | type | source
---|---|---
2023-09-12 12:22:48+00:00 | seen | https://t.me/cibsecurity/70249...

CVSS 6.5 | AI score 6 | EPSS 0.00219
Exploits 1 | References 1
OSV
added 2023/09/12 5:15 a.m. | 14 views

CVE-2023-26142

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n carriage return line feeds...

CVSS 6.1 | AI score 7.4
Exploits 0 | References 2
CVE
added 2023/09/12 5:0 a.m. | 63 views

CVE-2023-26142

The CVE-2023-26142 entry concerns the Crow C++ microframework. Affected component: header construction in set_header/add_header; root cause: HTTP Response Splitting due to inadequate sanitization against CRLF injection. Impact (as described): an attacker can inject CRLF sequences to terminate hea...

CVSS 6.5 | AI score 6.4 | EPSS 0.00219
Exploits 1 | References 2 | Affected Software 1
SUSE CVE
added 2023/02/15 3:53 a.m. | 0 views

SUSE CVE-2020-26142

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration...

CVSS 5.3 | AI score 7.1 | EPSS 0.0153
Exploits 0 | References 4
Tenable Nessus
added 2022/05/26 12:0 a.m. | 36 views

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1735)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker...

CVSS 8 | AI score 7.2 | EPSS 0.28973
Exploits 26 | References 44
OpenVAS
added 2022/05/09 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1681)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.2 | EPSS 0.02254
Exploits 7 | References 2
Arista
added 2021/05/12 12:0 a.m. | 122 views

Security Advisory 0063

Security Advisory 0063 PDF Updated: May 25th, 2021

Revision | Date | Changes
---|---|---
1.0 | May 12th, 2021 | Initial Release
1.1 | May 25th, 2021 | Updated assessment with impacted platforms, detection and mitigation.
1.2 | June 9, 2021 | Updated assessment
1.3 | August 19, 2021 | Updated...

CVSS 6.5 | AI score 7.8 | EPSS 0.02254
Exploits 4
NVD
added 2021/05/11 8:15 p.m. | 20 views

CVE-2020-26142

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration...

CVSS 5.3 | EPSS 0.0153
Exploits 0 | References 5
CVE
added 2021/05/11 7:41 p.m. | 167 views

CVE-2020-26142

CVE-2020-26142 is an OpenBSD kernel issue (OpenBSD 6.6) where the WEP, WPA, WPA2, and WPA3 implementations incorrectly treat fragmented frames as full frames. This misbehavior can allow an adversary to inject arbitrary network packets, independent of network configuration, by abusing fragmented f...

CVSS 5.3 | AI score 6 | EPSS 0.0153
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2021/05/11 7:41 p.m. | 34 views

CVE-2020-26142

Removed by vendor...

CVSS 5.3 | AI score 6.6 | EPSS 0.0153
Exploits 0