65 matches found
CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
CVE-2025-61770
CVE-2025-61770 affects Rack’s multipart handling. In Rack versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without a size limit, enabling a remote attacker to trigger large memory spikes and pote...
CVE-2025-61770
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
PT-2025-41012
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 Description Rack is a modular Ruby web server interface. The Rack::Multipart::Parser component does not limit the size of the multipart preamble,...
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Summary Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory OOM...
EUVD-2022-6866
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-40694
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. CVE-2021-40694...
Jamming-Resistant AAV Communications: a Multichannel-Aided Approach
Jamming cancellation is essential to reliable unmanned autonomous vehicle AAV communications in the presence of malicious jammers. In this paper, we develop a practical multichannel-aided jamming cancellation method to realize secure AAV communications. The proposed method is capable of...
BIT-MOODLE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
CVE-2023-36666
INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected...
SUSE CVE-2004-1188
The pnmgetchunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLESIZE, which causes a read operation with a negative length that leads to a buffer overflow via 1 RMFTAG, 2 DATATAG,...
Moodle Improper Encoding or Escaping of Output
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
Design/Logic Flaw
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
UBUNTU-CVE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
GHSA-V2RG-8CWR-75G8 Deserializer tampering in Apache Dubbo
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...
Deserializer tampering in Apache Dubbo
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...
CVE-2021-45686
An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preambleskipcount may read from uninitialized memory locations...
PT-2022-11303 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient escaping of the LaTeX preamble, which allows site administrators to read files available to the HTTP server system...