
1332 matches found

Cvelist
added 2023/10/05 5:41 p.m., 21 views

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

CVSS 5.3, AI score 5.4, EPSS 0.00597
Exploits 0, References 3
Vulnrichment
added 2023/10/05 5:41 p.m., 16 views

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

CVSS 5.3, AI score 7, EPSS 0.00597
Exploits 0, References 3
CVE
added 2023/10/05 5:41 p.m., 52 views

CVE-2023-44386

Vapor (Swift) contains a denial-of-service vulnerability in the HTTP/1.x request parsing path. The HTTP1 error handler closes connections on parse errors instead of propagating them, leading to an immediate server termination under misused API usage. A fix is available in Vapor release 4.84.2. Th...

CVSS 5.3, AI score 5.1, EPSS 0.00597
Exploits 0, References 3, Affected Software 1
OSV
added 2023/10/05 5:41 p.m., 28 views

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

CVSS 5.3, AI score 5.3, EPSS 0.00597
Exploits 0, References 5
OpenVAS
added 2023/10/04 12:0 a.m., 17 views

Fedora: Security Advisory for rust-axum (FEDORA-2023-9c4142423a)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.6, EPSS 0.0162
Exploits 1, References 2
Fedora
added 2023/10/03 2:23 a.m., 27 views

[SECURITY] Fedora 38 Update: rust-axum-0.6.20-1.fc38

Web framework that focuses on ergonomics and modularity...

CVSS 7.5, AI score 7.1, EPSS 0.0162
Exploits 1
Fedora
added 2023/10/03 12:44 a.m., 24 views

[SECURITY] Fedora 37 Update: rust-axum-0.6.20-1.fc37

Web framework that focuses on ergonomics and modularity...

CVSS 7.5, AI score 7.1, EPSS 0.0162
Exploits 1
CNNVD
added 2023/10/02 12:0 a.m., 4 views

mojoPortal Code Issue Vulnerability

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

CVSS 9.8, AI score 7.7, EPSS 0.01395
Exploits 1, References 3
CNNVD
added 2023/10/02 12:0 a.m., 4 views

mojoPortal Code Issue Vulnerability

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

CVSS 9.8, AI score 7.7, EPSS 0.01285
Exploits 1, References 2
OpenVAS
added 2023/10/01 12:0 a.m., 17 views

Fedora: Security Advisory for rust-axum (FEDORA-2023-91a66898d2)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.7, EPSS 0.0162
Exploits 1, References 2
Fedora
added 2023/09/28 12:49 a.m., 22 views

[SECURITY] Fedora 37 Update: python-oauthlib-3.2.2-1.fc37

OAuthLib is a generic utility which implements the logic of OAuth without assuming a specific HTTP request object or web framework. Use it to graft OAuth client support onto your favorite HTTP library, or provider support onto your favourite web framework. If you're a maintainer of such a library...

CVSS 6.5, AI score 7.1, EPSS 0.01223
Exploits 1
Fedora
added 2023/09/28 12:22 a.m., 28 views

[SECURITY] Fedora 39 Update: python-oauthlib-3.2.2-1.fc39

OAuthLib is a generic utility which implements the logic of OAuth without assuming a specific HTTP request object or web framework. Use it to graft OAuth client support onto your favorite HTTP library, or provider support onto your favourite web framework. If you're a maintainer of such a library...

CVSS 6.5, AI score 7.1, EPSS 0.01223
Exploits 1
CNNVD
added 2023/09/28 12:0 a.m., 4 views

Economizzer Security Vulnerabilities

Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which is vulnerable to clickjacking attacks...

CVSS 6.5, AI score 6.8, EPSS 0.00634
Exploits 1, References 4
GitHub Security Blog
added 2023/09/20 6:30 p.m., 49 views

Jenkins temporary uploaded file created with insecure permissions

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...

CVSS 8.1, AI score 6.6, EPSS 0.008
Exploits 0, References 4, Affected Software 1
AlpineLinux
added 2023/09/20 5:15 p.m., 26 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 8.1, AI score 6.9, EPSS 0.008
Exploits 0
OSV
added 2023/09/20 5:15 p.m., 28 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 8.1, AI score 7
Exploits 0, References 2
Prion
added 2023/09/20 5:15 p.m., 28 views

Design/Logic Flaw

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

CVSS 5.5, AI score 7.8, EPSS 0.008
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/09/20 4:6 p.m., 37 views

CVE-2023-43497

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...

AI score 8.1, EPSS 0.008
Exploits 0, References 2
CVE
added 2023/09/20 4:6 p.m., 152 views

CVE-2023-43497

CVE-2023-43497 affects Jenkins 2.423 and earlier, and LTS 2.414.1 and earlier. The root cause is in processing file uploads via the Stapler web framework, which creates temporary files in the system temporary directory with default permissions. This could let an attacker with access to the Jenkin...

CVSS 8.1, AI score 7.7, EPSS 0.008
Exploits 0, References 2, Affected Software 1
OpenVAS
added 2023/09/16 12:0 a.m., 12 views

Fedora: Security Advisory for rubygem-rails (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the...

AI score 7.5
Exploits 0, References 2