Lucene search
K

178 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.32 views

CentOS 9 : toolbox-0.0.99.4-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-3.el9 build changelog. - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause...

9.8CVSS7.3AI score0.02281EPSS
Exploits0References6
Veracode
Veracode
added 2024/02/15 7:37 a.m.27 views

Denial Of Service (DoS)

libsquid.so is vulnerable to Denial Of Service DoS. The vulnerability is due to HTTP header parsing, allowing remote attackers to perform Denial of Service attacks by sending oversized headers...

7.5CVSS6.9AI score0.88864EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/02/14 9:15 p.m.3 views

DEBIAN-CVE-2024-25617

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 9:15 p.m.32 views

Design/Logic Flaw

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

5CVSS7.1AI score0.88864EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 9:15 p.m.2 views

UBUNTU-CVE-2024-25617

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References6
Prion
Prion
added 2024/02/05 3:15 p.m.19 views

Design/Logic Flaw

python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...

5CVSS7.3AI score0.01523EPSS
Exploits1References8Affected Software1
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: squid

Issue Overview: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to...

8.6CVSS7.1AI score0.88864EPSS
Exploits0
OSV
OSV
added 2023/11/27 1:29 p.m.8 views

SUSE-SU-2023:4589-1 Security update for squid

This update for squid fixes the following issues: - CVE-2023-46728: Remove gopher support bsc1216926. - Fixed overread in HTTP request header parsing bsc1217274...

7.5CVSS7.9AI score0.05955EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/11/14 3:32 p.m.5 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.13 views

PT-2023-7288 · Unknown · Weston Embedded Uc-Http

Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A memory corruption issue exists in the HTTP Server header parsing functionality. This can be exploited by sending specially crafted network packets, potentially leading to code execution. ...

10CVSS9.6AI score0.01475EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/11/07 8:33 a.m.5 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/10/27 12:0 a.m.38 views

SUSE: Security Advisory (SUSE-SU-2023:4210-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits22References10
OpenVAS
OpenVAS
added 2023/10/20 12:0 a.m.22 views

Squid DoS Vulnerability (GHSA-h5x6-w8mv-xfpr, SQUID-2024:2)

Squid is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/07/20 5:32 p.m.5 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.23 views

EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2269)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an...

9.1CVSS6.5AI score0.05493EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2023/07/01 7:0 a.m.3 views

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3 only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16 v18 and v20

...

7.5CVSS7.5AI score0.03906EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2023/06/07 2:8 a.m.4 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/05 6:55 p.m.4 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/05 4:47 p.m.3 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/05/25 12:0 a.m.38 views

CentOS 8 : go-toolset:rhel8 (CESA-2023:3319)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3319 advisory. - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar...

9.8CVSS7.5AI score0.02281EPSS
Exploits0References9
Rows per page
Query Builder