Lucene search
+L

332 matches found

Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.6 views

In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

7.5CVSS7AI score0.02297EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.28 views

openSUSE 15 Security Update : python-Django (SUSE-SU-2024:2545-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2545-1 advisory. - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets bsc1227590 - CVE-2024-39329: Fixed...

7.5CVSS6.5AI score0.47102EPSS
Exploits0References16
0day.today
0day.today
added 2024/05/13 12:0 a.m.158 views

Leafpub 1.1.9 - Stored XSS Vulnerability

Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address: http://localhost/leafpub/admin/login...

7.4AI score
Exploits0
OSV
OSV
added 2024/05/10 11:7 a.m.5 views

OESA-2024-1528 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to...

7.5CVSS6.8AI score0.01428EPSS
Exploits0References2
OSV
OSV
added 2024/05/10 11:7 a.m.4 views

OESA-2024-1527 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to...

7.5CVSS6.8AI score0.01428EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/29 12:0 p.m.5 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

7.5CVSS6.6AI score0.01428EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/23 2:16 p.m.5 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

7.5CVSS6.6AI score0.01428EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:7 a.m.28 views

BIT-GOLANG-2020-28851

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

7.5CVSS7.3AI score0.02297EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2023/11/08 12:0 a.m.4 views

CVE-2022-32149

...

7.5CVSS6.7AI score0.01428EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/06/26 1:19 a.m.4 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

7.5CVSS6.6AI score0.01428EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/18 12:39 a.m.3 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

7.5CVSS6.6AI score0.01428EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.13 views

python-django: Potential denial-of-service via Accept-Language headers

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...

7.5CVSS6.7AI score0.47102EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2023/05/03 2:58 p.m.8 views

python-django: Potential denial-of-service via Accept-Language headers

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...

7.5CVSS6.7AI score0.47102EPSS
Exploits0References10
ALT Linux
ALT Linux
added 2023/03/31 12:0 a.m.39 views

Security fix for the ALT Linux 10 package python3-module-django version 3.2.18-alt1

3.2.18-alt1 built March 31, 2023 Alexey Shabalin in task 317508 March 24, 2023 Alexey Shabalin - New version 3.2.18. - Fixes for the following security vulnerabilities: + CVE-2023-23969 Potential denial-of-service via Accept-Language headers + CVE-2023-24580 Potential denial-of-service...

7.7AI score0.62575EPSS
Exploits0
OSV
OSV
added 2023/02/21 11:4 a.m.6 views

OESA-2023-1114 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References2
OSV
OSV
added 2023/02/17 11:4 a.m.5 views

OESA-2023-1097 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References2
OSV
OSV
added 2023/02/17 11:4 a.m.4 views

OESA-2023-1098 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References2
OSV
OSV
added 2023/02/17 11:4 a.m.4 views

OESA-2023-1099 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/16 12:0 a.m.110 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go Text vulnerabilities (USN-5873-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5873-1 advisory. It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial...

7.5CVSS7.1AI score0.02297EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1358

Cross-site scripting XSS vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

2.6CVSS6AI score0.19889EPSS
Exploits1References3
Rows per page
Query Builder