Lucene search
K

76 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.4 views

SUSE CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5CVSS7.6AI score0.58284EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.5 views

SUSE CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

5.9CVSS7AI score0.98507EPSS
Exploits18References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

5.9CVSS6.8AI score0.08671EPSS
Exploits3References15
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.1 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/05/20 11:49 p.m.43 views

CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5CVSS3.1AI score0.58284EPSS
Exploits5References1
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.3 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.4 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/09/30 9:57 a.m.5 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.5 views

The vulnerability of the regular expression processor in the Mime-type parser of the ActionDispatch framework in the Ruby programming platform of Ruby on Rails, related to an uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the regular expression processor in the Mime-type parser of the ActionDispatch framework in the Ruby programming platform’s Ruby on Rails framework is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service...

7.5CVSS6.6AI score0.02791EPSS
Exploits1References6Affected Software2
RedHat Linux
RedHat Linux
added 2021/07/12 12:12 p.m.5 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/30 3:47 p.m.4 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/29 6:18 a.m.3 views

jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...

5.3CVSS7.2AI score0.7795EPSS
Exploits0References5
OSV
OSV
added 2021/06/11 4:15 p.m.2 views

DEBIAN-CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.3AI score0.02791EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/06/11 4:15 p.m.33 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.8AI score0.02791EPSS
Exploits1References1
OSV
OSV
added 2021/06/11 4:15 p.m.4 views

UBUNTU-CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.8AI score0.02791EPSS
Exploits1References2
OSV
OSV
added 2021/05/06 11:2 a.m.5 views

OESA-2021-1166 jetty security update

%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...

7.8CVSS6.8AI score0.7795EPSS
Exploits1References3
OSV
OSV
added 2021/05/05 7:48 p.m.24 views

GHSA-G8WW-46X2-2P65 Denial of Service in Action Dispatch

Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...

7.5CVSS7.4AI score0.02791EPSS
Exploits1References7
Snyk
Snyk
added 2021/05/05 7:48 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Mime type parser of Action Dispatch due to the vulnerable regular expression MIMEREGEXP. Carefully crafted Accept headers can lead to catastrophic backtracking in the mime type parser...

7.5CVSS6.8AI score0.02791EPSS
Exploits1References2
RubySec
RubySec
added 2021/05/05 12:0 a.m.33 views

Possible Denial of Service vulnerability in Action Dispatch

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: = 6.0.0 Not affected: \sMIMEPARAMETER\s\z/ end end...

7.5CVSS4.1AI score0.02791EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/01 12:0 a.m.7 views

PT-2021-4061 · Ruby +1 · Action Pack +1

Name of the Vulnerable Software and Affected Versions: actionpack ruby gem versions 6.0.0 through 6.0.3.6 actionpack ruby gem versions 6.1.0 through 6.1.3.1 Description: The issue is related to a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafte...

9.8CVSS6.2AI score0.98507EPSS
Exploits31References76
Rows per page
Query Builder