256 matches found
CVE-2024-34535
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...
Apache Tomcat Transfer-Encoding Information Disclosure and Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tomcat Transfer-Encoding Information Disclosure and DoS', 'Description' = %q Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and...
Rack Security Vulnerabilities
Rack is the modular Ruby web server interface. A security vulnerability in Rack versions prior to 2.0.9.4, prior to 2.1.4.4, prior to 2.2.8.1, and prior to 3.0.9.1 stems from a carefully crafted header that could cause Rack's media type parser to take longer than expected, resulting in a denial o...
Ruby on Rails: DoS with crafted "Range" header
The vulnerability was discovered in the Active Storage component of Ruby on Rails. The vulnerability allowed an attacker to craft a "Range" header that could lead to a Denial of Service (DoS) attack. The attack was possible due to the lack of validation on overlapping ranges in the...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability exists due to various issues with header parsing in http_parser.py. This allows a remote attacker to smuggle an HTTP request by submitting a maliciously crafted header. This is impactful when AIOHTTP_NO_EXTENSIONS is enabled or when...
httpd: mod_dav: out-of-bounds read/write of zero byte
A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service...
python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server
A denial of service flaw was found in Python Charmers Future. This flaw allows an attacker to send a specially crafted Set-Cookie header in an HTTP request, resulting in a loss of system availability...
SUSE CVE-2008-1332
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2;...
SUSE CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list...
SUSE CVE-2011-4415
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
SUSE CVE-2012-1584
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation...
SUSE CVE-2013-7027
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header...
SUSE CVE-2014-0117
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header...
SUSE CVE-2014-3618
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."...
SUSE CVE-2015-2666
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to th...
SUSE CVE-2016-4542
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...
SUSE CVE-2016-8682
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header...
Denial Of Service (DoS)
apache2 is vulnerable to Denial of Service (DoS) attacks. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool memory location beyond the header value sent, causing the application to crash...
PYSEC-2022-42991
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server...
CVE-2022-31698
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header...