Lucene search
K

172 matches found

Snyk
Snyk
added 2025/07/15 8:0 p.m.2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the HTTP client. An attacker can obtain sensitive information by sending specially crafted HTTP requests that exploit improper header handling. Remediation A fix was pushed into the master branch but not yet...

8.6CVSS6.6AI score0.00501EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.2 views

CVE-2022-1954

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers...

5.3CVSS6.8AI score0.00969EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:55 a.m.10 views

CVE-2014-9304

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...

7.5CVSS7.8AI score0.08109EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/04/07 2:7 a.m.5 views

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

A flaw was found in the golang-jwt implementation of JSON Web Tokens JWT. In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...

7.5CVSS7.1AI score0.00693EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/02/14 8:15 p.m.3 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /+; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS Regul...

5.3CVSS5.5AI score0.00754EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/01/23 6:15 p.m.5 views

CVE-2024-55926

A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data...

9.8CVSS5.9AI score0.00409EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.8 views

PT-2025-3154 · Xerox · Xerox Workplace Suite

Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9 Description: A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validatio...

7.6CVSS9.3AI score0.00409EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/12/04 8:43 p.m.3 views

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

7.5CVSS6.6AI score0.35376EPSS
Exploits1References5
Snyk
Snyk
added 2024/10/15 11:35 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when using HTTP Token authentication via the method authenticateorrequestwithhttptoken or a similar method. By sending specially crafted headers, an attacker can cause the application to consum...

8.7CVSS6.9AI score0.01048EPSS
Exploits0References2
OSV
OSV
added 2024/08/19 12:28 a.m.3 views

USN-6837-2 ruby-rack vulnerabilities

It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-25126 It was discovered that Rack...

7.5CVSS6.6AI score0.35376EPSS
Exploits2References4
Ubuntu
Ubuntu
added 2024/08/19 12:28 a.m.45 views

USN-6837-2: Rack vulnerabilities

It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2024-25126 It was discovered that Rack...

7.5CVSS6.5AI score0.35376EPSS
Exploits2
Ubuntu
Ubuntu
added 2024/06/17 1:12 p.m.49 views

USN-6837-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...

7.5CVSS6.5AI score0.35376EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2024/05/28 2:28 p.m.2 views

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

7.5CVSS6.6AI score0.35376EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/05/22 9:40 a.m.2 views

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

7.5CVSS6.6AI score0.35376EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/04/30 2:52 p.m.3 views

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

7.5CVSS6.6AI score0.35376EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/04/30 10:32 a.m.3 views

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

7.5CVSS6.6AI score0.35376EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/02/24 3:16 a.m.3 views

SUSE CVE-2024-26146

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

5.3CVSS6.8AI score0.01996EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/05/18 12:39 a.m.3 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

7.5CVSS6.6AI score0.01428EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/04/04 9:57 a.m.2 views

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5CVSS7.1AI score0.01613EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.4 views

SUSE CVE-2009-1095

Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...

10CVSS8AI score0.07099EPSS
Exploits0References9
Rows per page
Query Builder