55 matches found
Node.js: Regular Expression Denial of Service in Headers fetch API
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
DEBIAN-CVE-2023-29141
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...
CVE-2023-29141
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...
UBUNTU-CVE-2023-29141
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...
CVE-2023-29141
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...
PT-2023-22168 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.10 MediaWiki versions 1.36.x through 1.38.x before 1.38.6 MediaWiki versions 1.39.x before 1.39.3 Description: An issue was discovered in MediaWiki where an auto-block can occur for an untrusted X-Forwarded-Fo...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.35.10, 1.36.x through 1.38.6, and 1.39.x...
SUSE CVE-2020-5247
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
DEBIAN-CVE-2020-5247
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
Integer overflow
Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215,...
CVE-2018-13887
CVE-2018-13887 describes an integer overflow vulnerability caused by untrusted header fields in the GNSS XTRA3 function, affecting Qualcomm Snapdragon platforms (Auto, Compute, IOT variants across multiple Snapdragon and QC700-series devices). The root cause is untrusted data in GNSS XTRA3 header...
CVE-2018-13887
Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215,...
PT-2020-3715 · Ruby +2 · Puma +2
Name of the Vulnerable Software and Affected Versions: Puma versions prior to 4.3.2 Puma versions prior to 3.12.3 Description: The issue is related to HTTP Response Splitting, where an attacker can use newline characters CR, LF, or /r, /n to end a header and inject malicious content, such as...