
1248 matches found

Positive Technologies
added 2021/05/01 12:0 a.m. · 5 views

PT-2021-4061 · Ruby +1 · Action Pack +1

Name of the Vulnerable Software and Affected Versions: actionpack ruby gem versions 6.0.0 through 6.0.3.6; actionpack ruby gem versions 6.1.0 through 6.1.3.1. Description: The issue is related to a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafte...

CVSS 9.8 · AI score 6.2 · EPSS 0.94318
Exploits 31 · References 76
Tenable Nessus
added 2021/04/14 12:0 a.m. · 30 views

FreeBSD : FreeBSD -- double free in accept_filter(9) socket configuration interface (f8e1e2a6-9791-11eb-b87a-901b0ef719ab)

An unprivileged process can configure an accept filter on a listening socket. This is done using the setsockopt(2) system call. The process supplies the name of the accept filter which is to be attached to the socket, as well as a string containing filter-specific information. If the filter...

CVSS 7.8 · AI score 7.3 · EPSS 0.0105
Exploits 0 · References 2
OSV
added 2021/04/07 3:15 p.m. · 1 views

CVE-2021-29627

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double fr...

CVSS 7.8 · AI score 5.8 · EPSS 0.0105
Exploits 0 · References 2
FreeBSD
added 2021/04/06 12:0 a.m. · 25 views

FreeBSD -- double free in accept_filter(9) socket configuration interface

Problem Description: An unprivileged process can configure an accept filter on a listening socket. This is done using the setsockopt(2) system call. The process supplies the name of the accept filter which is to be attached to the socket, as well as a string containing filter-specific information. ...

CVSS 7.8 · AI score 0.7 · EPSS 0.0105
Exploits 0
OSV
added 2021/03/25 7:15 p.m. · 1 views

DEBIAN-CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...

CVSS 7.5 · AI score 7.2 · EPSS 0.00803
Exploits 0 · References 1
OSV
added 2021/03/25 7:15 p.m. · 0 views

ALPINE-CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...

CVSS 7.5 · AI score 6.5 · EPSS 0.00803
Exploits 0 · References 1
Packet Storm
added 2021/03/19 12:0 a.m. · 216 views

LiveZilla Server 8.0.1.0 Cross Site Scripting

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Date: 18 Mars 2021 Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version:...

CVSS 4.3 · AI score 6.7 · EPSS 0.04052
Exploits 4
Exploit DB
added 2021/03/19 12:0 a.m. · 254 views

LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Date: 18 Mars 2021 Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version:...

CVSS 6.1 · AI score 6.6 · EPSS 0.04052
Exploits 4
0day.today
added 2021/03/19 12:0 a.m. · 58 views

LiveZilla Server 8.0.1.0 - (Accept-Language) Reflected XSS Vulnerability

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version: LiveZilla Server 8.0.1...

CVSS 6.1 · AI score 0.5 · EPSS 0.04052
Exploits 4
OSV
added 2021/03/10 3:46 a.m. · 2 views

GHSA-M394-8RWW-3JR7 DOS vulnerability for Quoted Quality CSV headers

Impact: When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the Accept, Accept-Encoding, and Accept-Language request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the...

CVSS 5.3 · AI score 6.8 · EPSS 0.33816
Exploits 0 · References 66
Veracode
added 2021/03/01 3:37 a.m. · 38 views

Denial Of Service(DoS)

Jetty is vulnerable to denial of service (DoS). The use of multiple Accept headers with a large number of quality causes a high CPU usage, resulting in long durations of CPU processing and crashing of the application...

CVSS 5.3 · AI score 1.8 · EPSS 0.33816
Exploits 0 · References 129 · Affected Software 5
OSV
added 2021/02/26 10:15 p.m. · 3 views

DEBIAN-CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality...

CVSS 5.3 · AI score 6.4 · EPSS 0.33816
Exploits 0 · References 1
OSV
added 2021/02/26 10:15 p.m. · 1 views

UBUNTU-CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality...

CVSS 5.3 · AI score 6.7 · EPSS 0.33816
Exploits 0 · References 4
Positive Technologies
added 2021/02/26 12:0 a.m. · 5 views

PT-2021-5795 · Eclipse +3 · Eclipse Jetty +3

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.6.v20170531 through 9.4.36.v20210114; Eclipse Jetty version 10.0.0; Eclipse Jetty version 11.0.0. Description: The issue is related to the handling of requests containing multiple Accept headers with a large number of...

CVSS 9.8 · AI score 6.3 · EPSS 0.9026
Exploits 9 · References 202
Zero Day Initiative
added 2021/02/04 12:0 a.m. · 35 views

Cisco Multiple Routers Accept Header Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When...

CVSS 8.8 · AI score 3.7 · EPSS 0.01866
Exploits 0 · References 1
UbuntuCve
added 2021/02/03 12:0 a.m. · 30 views

CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed...

CVSS 7.5 · AI score 7 · EPSS 0.00803
Exploits 0 · References 4
Positive Technologies
added 2021/01/22 12:0 a.m. · 2 views

PT-2021-13844 · Privoxy +3 · Privoxy +3

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29. Description: A flaw was found that could result in a crash if accept-intercepted-requests was enabled. This occurs when Privoxy fails to get the request destination from the Host header and a memory allocation...

CVSS 7.8 · AI score 7.6 · EPSS 0.02806
Exploits 0 · References 55
RedhatCVE
added 2021/01/06 2:55 p.m. · 35 views

CVE-2020-28851

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

CVSS 7.5 · AI score 3.1 · EPSS 0.00138
Exploits 1 · References 3
OSV
added 2021/01/02 6:15 a.m. · 2 views

DEBIAN-CVE-2020-28852

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

CVSS 7.5 · AI score 7.5 · EPSS 0.00107
Exploits 1 · References 1
OSV
added 2021/01/02 6:15 a.m. · 3 views

AZL-44148 CVE-2020-28852 affecting package buildah for versions less than 1.41.4-2

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

CVSS 7.5 · AI score 7.1 · EPSS 0.00107
Exploits 1 · References 1