Lucene search
K

63 matches found

Mageia
Mageia
added 2024/04/13 4:56 p.m.40 views

Updated perl-HTTP-Body packages fix security vulnerability

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume...

6.8CVSS7AI score0.02877EPSS
Exploits0References2
Prion
Prion
added 2024/03/14 10:53 p.m.78 views

Design/Logic Flaw

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.1AI score0.0077EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/01/13 2:15 a.m.16 views

CVE-2023-51804

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file...

7.5CVSS7.3AI score0.00657EPSS
Exploits1References1
Prion
Prion
added 2024/01/13 2:15 a.m.12 views

Design/Logic Flaw

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file...

5CVSS6.7AI score0.00657EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/13 12:0 a.m.5 views

CVE-2023-51804

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file...

7.3AI score0.00657EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.8 views

PT-2023-36301 · Unknown · Distribution

Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.3 Description: The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and...

7.2AI score
Exploits0References3
Prion
Prion
added 2023/11/28 5:15 p.m.25 views

Race condition

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

2.6CVSS6.8AI score0.00728EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/11/07 2:20 p.m.12 views

USN-6473-1 python-urllib3 vulnerabilities

It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-25091 It was discovered that urllib3 didn't...

8.1CVSS6.8AI score0.01207EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.5 views

SUSE CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

6.8CVSS6.8AI score0.02877EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.5 views

SUSE CVE-2018-8777

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service memory consumption...

7.5CVSS6.8AI score0.04636EPSS
Exploits0References9
Veracode
Veracode
added 2022/09/22 7:10 a.m.17 views

Denial Of Service (DoS)

github.com/apple/swift-nio-extras is vulnerable to denial of service. The vulnerability exists because complete HTTP body decompression is not properly detected and the code repeatedly attempts to decompress the data appended to the HTTP message causing an infinite loop which leads to an...

7.5CVSS7.3AI score0.00732EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/21 6:45 p.m.38 views

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

7.7AI score0.00732EPSS
Exploits0References1
OSV
OSV
added 2022/09/21 6:45 p.m.27 views

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

7.5CVSS7AI score0.00732EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/06/09 10:57 p.m.64 views

CVE-2022-29225

A flaw was found in Envoy. A specifically constructed HTTP body delivered by an untrusted downstream or upstream peer whose decompressed size is dramatically larger than the compressed size can be sent by an attacker to cause a denial of service. Mitigation This can be mitigated by disabling...

7.5CVSS1.6AI score0.0144EPSS
Exploits1References4
OSV
OSV
added 2022/02/28 4:15 p.m.4 views

CVE-2022-26155

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...

6.1CVSS6.4AI score0.00667EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.14 views

Mageia: Security Advisory (MGASA-2013-0352)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.02877EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/16 12:0 a.m.5 views

mitmproxy环境问题漏洞

mitmproxy is an interactive, SSL/TLS-enabled interceptor proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. An environment issue vulnerability exists in mitmproxy 7.0.2 and prior versions, where a malicious client/server can smuggle a request/response through mitmproxy as part of...

9.8CVSS8.1AI score0.01176EPSS
Exploits0References3
Prion
Prion
added 2020/01/17 7:15 p.m.18 views

Cross site request forgery (csrf)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

2.6CVSS7.1AI score0.02382EPSS
Exploits1References7Affected Software27
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.19 views

openSUSE Security Update : perl-HTTP-Body (openSUSE-SU-2014:0433-1)

perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-247...

6.8CVSS5.8AI score0.02877EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/04/03 12:0 a.m.23 views

SuSE Update for perl-HTTP-Body openSUSE-SU-2014:0433-1 (perl-HTTP-Body)

Check for the Version of perl-HTTP-Body OpenVAS Vulnerability Test $Id: gbsuse201404331.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for perl-HTTP-Body openSUSE-SU-2014:0433-1 perl-HTTP-Body Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH,...

6.8CVSS6.4AI score0.02877EPSS
Exploits0References1
Rows per page
Query Builder