28 matches found
CVE-2026-24000
Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limitin...
MiracleLinux 9 : dovecot-2.3.16-11.el9_4.1 (AXSA:2024-8803:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8803:04 advisory. dovecot: using a large number of address headers may trigger a denial of service CVE-2024-23184 dovecot: very large headers can cause resource...
CVE-2025-66577 cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...
EUVD-2024-20703
Malicious code in bioql PyPI...
EUVD-2022-24890
Malicious code in bioql PyPI...
CLSA-2025-1753374470 dovecot: Fix of CVE-2024-23184
CVE-2024-23184: restrict address headers to mitigate excessive CPU usage and prevent potential DoS attacks...
CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...
SUSE CVE-2025-1795
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted...
dovecot: using a large number of address headers may trigger a denial of service
A flaw was found in Dovecot. Processing a large number of address headers From, To, Cc, Bcc, etc can be excessively CPU intensive. This flaw allows a remote attacker to trigger a denial of service...
dovecot security update
1:2.3.16-6 - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message RHEL-55219 - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service RHEL-55206...
ALPINE-CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
DEBIAN-CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
CVE-2024-23184
CVE-2024-23184 affects the Dovecot IMAP/POP3 server. The root issue is that parsing a large number of email address headers (From, To, Cc, Bcc, etc.) is highly CPU-intensive, leading to potential denial of service when attackers send crafted messages that trigger resource exhaustion. The availabl...
dovecot: using a large number of address headers may trigger a denial of service
A flaw was found in Dovecot. Processing a large number of address headers From, To, Cc, Bcc, etc can be excessively CPU intensive. This flaw allows a remote attacker to trigger a denial of service...
dovecot: using a large number of address headers may trigger a denial of service
A flaw was found in Dovecot. Processing a large number of address headers From, To, Cc, Bcc, etc can be excessively CPU intensive. This flaw allows a remote attacker to trigger a denial of service...