17 matches found
CVE-2026-53433
In fzf, CVE-2026-53433, the DoS arises from inefficient HTTP body processing in the --listen mode due to repeated string concatenation, giving quadratic time (O(n²)) for a crafted POST request with many small segments. This can cause a single malicious request to monopolize the single-threaded HT...
CVE-2025-65781
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
EUVD-2024-20827
Malicious code in bioql PyPI...
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803). For more details about the security issues, including the...
PT-2024-27871 · Phoniebox · Phoniebox
Name of the Vulnerable Software and Affected Versions: Phoniebox versions prior to 3.0. Description: The issue is related to insecure handling of the body parameter in POST header requests sent to an instance of the Phoniebox open-source project. This allows an attacker to create a website that,...
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
CVE-2024-23308
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
Design/Logic Flaw
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
CVE-2024-23308 BIG-IP Advanced WAF and ASM vulnerability
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
CVE-2024-23308
CVE-2024-23308 affects BIG-IP Advanced WAF/ASM: when a policy with a Request Body Handling option is attached to a virtual server, certain requests can trigger a NULL dereference in the BD process, causing DoS by remote unauthenticated access. Impact is Denial of Service to traffic handling (data...
PT-2024-19799 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP, affected versions not specified. Description: When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition...
F5 BIG-IP Code Issue Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed request that could cause the BD process to termina...
F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM vulnerability (K000137416)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137416 advisory. - When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server,...
PT-2023-36301 · Unknown · Distribution
Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.3. Description: The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and...
OPENSUSE-SU-2022:10140-1 Security update for lighttpd
This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.67: update comment about TCP_INFO on OpenBSD; mod_ajp13: fix crash with bad response headers (fixes #3170); core: handle RDHUP when collecting chunked body (CVE-2022-41556, boo#1203872); core: tweak streaming request body to backen...
XXE vulnerability testing in SpringMVC - vulnerability warning - the black bar safety net
The SpringMVC framework supports XML-to-object mapping. Internally it uses two global interfaces, Marshaller and Unmarshaller; one implementation is the Jaxb2Marshaller class, which implements both interfaces for bidirectional XML and object parsing. A...