Lucene search
K

55 matches found

RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.4 views

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.2AI score0.01304EPSS
Exploits0References4
OSV
OSV
added 2023/03/31 7:15 p.m.1 views

DEBIAN-CVE-2023-29141

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...

9.8CVSS5.5AI score0.01194EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/03/31 7:15 p.m.29 views

CVE-2023-29141

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...

9.8CVSS6.3AI score0.01194EPSS
Exploits0References2
OSV
OSV
added 2023/03/31 7:15 p.m.3 views

UBUNTU-CVE-2023-29141

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...

9.8CVSS5.8AI score0.01194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/31 12:0 a.m.2 views

CVE-2023-29141

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header...

7.2AI score0.01194EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/31 12:0 a.m.3 views

PT-2023-22168 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.10 MediaWiki versions 1.36.x through 1.38.x before 1.38.6 MediaWiki versions 1.39.x before 1.39.3 Description: An issue was discovered in MediaWiki where an auto-block can occur for an untrusted X-Forwarded-Fo...

9.8CVSS6AI score0.22699EPSS
Exploits27References134
CNNVD
CNNVD
added 2023/03/31 12:0 a.m.5 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.35.10, 1.36.x through 1.38.6, and 1.39.x...

9.8CVSS5.6AI score0.01194EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.1 views

SUSE CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

5.3CVSS6.5AI score0.02487EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2020/06/11 7:9 a.m.2 views

cryptacular: excessive memory allocation during a decode operation

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

7.5CVSS7.4AI score0.03334EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/06/10 7:23 p.m.3 views

cryptacular: excessive memory allocation during a decode operation

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

7.5CVSS7.4AI score0.03334EPSS
Exploits1References4
OSV
OSV
added 2020/02/28 5:15 p.m.2 views

DEBIAN-CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.2AI score0.02487EPSS
Exploits0References1
Prion
Prion
added 2019/05/24 5:29 p.m.23 views

Integer overflow

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215,...

10CVSS9.4AI score0.01118EPSS
Exploits0References1
CVE
CVE
added 2019/05/24 4:44 p.m.75 views

CVE-2018-13887

CVE-2018-13887 describes an integer overflow vulnerability caused by untrusted header fields in the GNSS XTRA3 function, affecting Qualcomm Snapdragon platforms (Auto, Compute, IOT variants across multiple Snapdragon and QC700-series devices). The root cause is untrusted data in GNSS XTRA3 header...

10CVSS9.5AI score0.01118EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/05/24 4:44 p.m.34 views

CVE-2018-13887

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215,...

9.6AI score0.01118EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/10/03 12:0 a.m.7 views

PT-2020-3715 · Ruby +2 · Puma +2

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 4.3.2 Puma versions prior to 3.12.3 Description: The issue is related to HTTP Response Splitting, where an attacker can use newline characters CR, LF, or /r, /n to end a header and inject malicious content, such as...

9.8CVSS6.5AI score0.99856EPSS
Exploits71References280
Rows per page
Query Builder