SUSE CVE-2015-8767

net/sctp/smsideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service deadlock via a crafted sctpaccept call...

SUSE CVE-2016-0751

actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...

SUSE CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

SUSE CVE-2016-6293

The ulocacceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode ICU through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service out-of-bounds read or...

SUSE CVE-2016-10539

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...

SUSE CVE-2017-8890

The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call...

SUSE CVE-2017-11171

Bad reference counting in the context of accepticeconnection in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data an invalid magic cookie. Each failed authentication...

SUSE CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...

SUSE CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

SUSE CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

SUSE CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

SUSE CVE-2020-28851

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

SUSE CVE-2020-28852

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

SUSE CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...

SUSE CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

SUSE CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

AZL-45279 CVE-2023-25565 affecting package gssntlmssp for versions less than 1.3.1-1

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

AZL-45234 CVE-2023-25564 affecting package gssntlmssp for versions less than 1.3.1-1

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

UBUNTU-CVE-2023-25567

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...

UBUNTU-CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...