
3718 matches found

RustSec
added 2023/09/25 12:0 p.m., 11 views

Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amoun...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, Affected Software 1
OSV
added 2023/09/25 12:0 p.m., 29 views

RUSTSEC-2023-0065 Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amoun...

CVSS 7.5, AI score 7.3, EPSS 0.0162
Exploits 1, References 3
Amazon
added 2023/09/25 12:0 a.m., 8 views

Important: ruby

Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the...

CVSS 8.1, AI score 7.1, EPSS 0.29726
Exploits 8
Amazon
added 2023/09/25 12:0 a.m., 3 views

Medium: tomcat

Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...

CVSS 7.5, AI score 6.9, EPSS 0.24622
Exploits 0
Amazon
added 2023/09/25 12:0 a.m., 8 views

Important: golang

Issue Overview: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532) HTTP and MIME header...

CVSS 9.8, AI score 8.3, EPSS 0.02281
Exploits 0
OSV
added 2023/09/21 6:30 a.m., 14 views

GHSA-9MCR-873M-XCXP Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amoun...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, References 19
Github Security Blog
added 2023/09/21 6:30 a.m., 29 views

Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amoun...

CVSS 7.5, AI score 6.7, EPSS 0.0162
Exploits 1, References 18, Affected Software 1
OSV
added 2023/09/21 6:15 a.m., 15 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, References 12
NVD
added 2023/09/21 6:15 a.m., 12 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.3, EPSS 0.0162
Exploits 1, References 12
Prion
added 2023/09/21 6:15 a.m., 19 views

Design/Logic Flaw

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 5, AI score 7.2, EPSS 0.0162
Exploits 1, References 12, Affected Software 2
UbuntuCve
added 2023/09/21 6:15 a.m., 20 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.1, EPSS 0.0162
Exploits 1, References 15
CNVD
added 2023/09/21 12:0 a.m., 15 views

Apache Flink Code Injection Vulnerability

Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation. The product is mainly written in the Java and Scala languages. Func is an open source Knative client library and CLI that supports the development and deployment of features. Apache Flink Stateful...

CVSS 6.1, AI score 7.4, EPSS 0.0161
Exploits 0, References 1
CVE
added 2023/09/21 12:0 a.m., 315 views

CVE-2023-43669

The CVE-2023-43669 issue affects the Tungstenite crate for Rust up to version 0.20.0, where an excessively long HTTP header in a client handshake can cause high CPU usage and denial of service. Affected projects using tungstenite (and dependent crates like tokio-tungstenite) are exposed to potent...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, References 12, Affected Software 1
Cvelist
added 2023/09/21 12:0 a.m., 21 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

AI score 7.5, EPSS 0.0162
Exploits 1, References 12
Debian CVE
added 2023/09/21 12:0 a.m., 19 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.3, EPSS 0.0162
Exploits 1
OSV
added 2023/09/19 8:5 p.m., 11 views

SUSE-SU-2023:3692-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. bsc1215026...

CVSS 7.5, AI score 7.8, EPSS 0.62246
Exploits 1, References 3
Vulnrichment
added 2023/09/19 12:34 p.m., 13 views

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

AI score 7, EPSS 0.0161
Exploits 0, References 2
Cvelist
added 2023/09/19 12:34 p.m., 16 views

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

AI score 6.5, EPSS 0.0161
Exploits 0, References 2
OpenVAS
added 2023/09/19 12:0 a.m., 32 views

Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Windows

Eclipse Jetty is prone to an HTTP header vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 5.3, AI score 6.3, EPSS 0.01069
Exploits 0, References 1
OpenVAS
added 2023/09/19 12:0 a.m., 27 views

Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Linux

Eclipse Jetty is prone to an HTTP header vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 5.3, AI score 6.3, EPSS 0.01069
Exploits 0, References 1