Lucene search
K

65 matches found

Cvelist
Cvelist
added 2025/10/07 2:30 p.m.6 views

CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

7.5CVSS0.00868EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/07 2:30 p.m.1 views

CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

7.5CVSS6.5AI score0.00868EPSS
Exploits0References4
CVE
CVE
added 2025/10/07 2:30 p.m.35 views

CVE-2025-61770

CVE-2025-61770 affects Rack’s multipart handling. In Rack versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without a size limit, enabling a remote attacker to trigger large memory spikes and pote...

7.5CVSS6.5AI score0.00868EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2025/10/07 2:30 p.m.2 views

CVE-2025-61770

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

7.5CVSS5.9AI score0.00868EPSS
Exploits0
OSV
OSV
added 2025/10/07 2:30 p.m.4 views

CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

7.5CVSS6.5AI score0.00868EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.6 views

PT-2025-41012

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 Description Rack is a modular Ruby web server interface. The Rack::Multipart::Parser component does not limit the size of the multipart preamble,...

7.5CVSS6.7AI score0.00868EPSS
Exploits0References19
RubySec
RubySec
added 2025/10/07 12:0 a.m.7 views

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Summary Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory OOM...

7.5CVSS7.2AI score0.00868EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6866

Malicious code in bioql PyPI...

4.9CVSS6.6AI score0.00901EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-40694

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. CVE-2021-40694...

4.9CVSS6.3AI score0.00901EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/07/20 12:0 a.m.2 views

Jamming-Resistant AAV Communications: a Multichannel-Aided Approach

Jamming cancellation is essential to reliable unmanned autonomous vehicle AAV communications in the presence of malicious jammers. In this paper, we develop a practical multichannel-aided jamming cancellation method to realize secure AAV communications. The proposed method is capable of...

6.9AI score
Exploits0
OSV
OSV
added 2024/03/06 11:7 a.m.18 views

BIT-MOODLE-2021-40694

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...

4.9CVSS5AI score0.00901EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/25 10:15 p.m.3 views

CVE-2023-36666

INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected...

6.1CVSS6.3AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.3 views

SUSE CVE-2004-1188

The pnmgetchunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLESIZE, which causes a read operation with a negative length that leads to a buffer overflow via 1 RMFTAG, 2 DATATAG,...

10CVSS7.5AI score0.01965EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/30 12:0 a.m.20 views

Moodle Improper Encoding or Escaping of Output

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...

4.9CVSS6.5AI score0.00901EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/29 3:15 a.m.21 views

Design/Logic Flaw

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...

3.3CVSS5AI score0.00901EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/29 3:15 a.m.1 views

UBUNTU-CVE-2021-40694

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...

4.9CVSS6.6AI score0.00901EPSS
Exploits0References2
OSV
OSV
added 2022/03/18 5:56 p.m.5 views

GHSA-V2RG-8CWR-75G8 Deserializer tampering in Apache Dubbo

Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...

9.8CVSS7.3AI score0.17666EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2022/03/18 5:56 p.m.32 views

Deserializer tampering in Apache Dubbo

Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...

9.8CVSS2.7AI score0.17666EPSS
Exploits2References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/12/27 12:15 a.m.2 views

CVE-2021-45686

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preambleskipcount may read from uninitialized memory locations...

9.8CVSS5.8AI score0.01191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/11/22 12:0 a.m.8 views

PT-2022-11303 · Alt Linux · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient escaping of the LaTeX preamble, which allows site administrators to read files available to the HTTP server system...

9.8CVSS5.8AI score0.52299EPSS
Exploits18References100
Rows per page
Query Builder