Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2022-47422

Cross-Site Request Forgery CSRF vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin = 3.1.5 versions...

CVE-2022-47422

Cross-Site Request Forgery CSRF vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin = 3.1.5 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin = 3.1.5 versions...

CVE-2022-47422

The CVE-2022-47422 entry concerns the WordPress plugin HM Plugin Accept Stripe Donation – AidWP, affected up to version 3.1.5. Connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability due to insufficient CSRF protections, enabling an attacker to induce actions via an authentica...

CVE-2022-47422 WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin = 3.1.5 versions...

OESA-2023-1114 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

OESA-2023-1099 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

OESA-2023-1098 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

OESA-2023-1097 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

SUSE CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

SUSE CVE-2023-25566

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go Text vulnerabilities (USN-5873-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5873-1 advisory. It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial...

SUSE CVE-2004-0656

The acceptclient function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections...

SUSE CVE-2006-1342

net/ipv4/afinet.c in Linux kernel 2.4 does not clear sockaddrin.sinzero before returning IPv4 socket names from the 1 getsockname, 2 getpeername, and 3 accept functions, which allows local users to obtain portions of potentially sensitive memory...

SUSE CVE-2007-1358

Cross-site scripting XSS vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

SUSE CVE-2011-1165

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks...

SUSE CVE-2012-3461

The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...

SUSE CVE-2013-1839

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a "," character in an Accept-Language header...

SUSE CVE-2015-8382

The match function in pcreexec.c in PCRE before 8.37 mishandles the /?:abcd|?:?:?:?:abc|?:abcdefbabcdefghiabc|ACCEPT/ pattern and related patterns involving ACCEPT, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service partially initialized...