37 matches found
SUSE-SU-2024:1309-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
SUSE-SU-2024:1307-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
SUSE-SU-2024:1301-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.12.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
MGASA-2024-0110 Updated nodejs packages fix security vulnerabilities
Nodejs 20.12.1 release fixes 2 CVE: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash- High CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - Medium...
GHSA-68QQ-3PHH-53J7 mod_cluster Denial of Service vulnerability
modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...
CVE-2021-28838
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens a...
Code injection
A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of...
CVE-2019-13954
Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...
CVE-2019-13955
Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...
CVE-2018-1158
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON...
PT-2018-17923 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions 9.x through 10.x Description: The issue allows an attacker to cause a denial of service DoS by crashing a node process that provides an http server supporting TLS server. This can be accomplished by sending duplicate or...
CVE-2016-3110
modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...
CVE-2016-3110
modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...
CVE-2014-8567
The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...
Myserver 0.4.1 DOS..
hi... Topic: MyServer 0.4.1 DOS Product: Myserver 0.4.1 http://myserverweb.sourceforge.net Note: yep, I'm on the dole, anyone wanna give me a job : Vendor Notification: Woooops, sorry i forgot ; Background: from homepage MyServer is a free and easy to configure web server. MyServer is licensed...
EnceladusServerSuite3.9.11.txt
Enceladus Server suite 3.9.11 Release Date: ------------- June 15,2003 Severity --------- HighRemote crash-code execution Systems Affected: ----------------- Enceladus Server Suite 3.9.11 possibly all the older versions are vulnerable Description: Enceladus Server Suite is a package that contains...
Cisco HTTP possible bug:
If you have: ip http server in your running config not a great idea to have on a live router IMO on your router and you do: http://router-ip/ it crashes said router. I confirmed this on my 1005 running 11.124 and another fellow said it worked on his 2621 and 2524. Though he didnt give IOS version...