SUSE CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2024-41339

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigo...

DrayTek Vigor 165 代码注入漏洞

The DrayTek Vigor 165 is a VDSL2 35b hypervector modem/router from China Juyi DrayTek. A security vulnerability exists in the DrayTek Vigor 165 that stems from an improperly uploaded CGI endpoint configuration that could lead to arbitrary code execution...

The vulnerability in the prog.cgi module of the SetIPv6PppoeSettings software, which is used by D-Link DIR-853 A1 routers, allows a hacker to cause a service failure.

The vulnerability in the prog.cgi script of the SetIPv6PppoeSettings module of the D-Link DIR-853 A1 router’s microprogramming system is related to buffer overflow during the processing of the IPv6PppoePassword parameter. Exploiting this vulnerability can allow an attacker to cause a service...

PT-2025-9022 · Draytek · Draytek Vigor 2862/2926 +8

Name of the Vulnerable Software and Affected Versions: Draytek Vigor 165/166 versions prior to 4.2.6 Draytek Vigor 2620/LTE200 versions prior to 3.9.8.8 Draytek Vigor 2860/2925 versions prior to 3.9.7 Draytek Vigor 2862/2926 versions prior to 3.9.9.4 Draytek Vigor 2133/2762/2832 versions prior to...

CVE-2024-41339

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigo...

CVE-2024-51139

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5....

PT-2025-9025 · Draytek · Vigor2135/2765/2766 +8

Name of the Vulnerable Software and Affected Versions: Vigor2620/LTE200 versions 3.9.8.9 and earlier Vigor2860/2925 versions 3.9.8 and earlier Vigor2862/2926 versions 3.9.9.5 and earlier Vigor2133/2762/2832 versions 3.9.9 and earlier Vigor165/166 versions 4.2.7 and earlier Vigor2135/2765/2766...

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml bsc1232440 Other fixes: ruby/uri Fix quadratic backtracking on invalid relative URI ruby/time Make RFC2822 rege...

SUSE-SU-2025:0736-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml bsc1232440 Other fixes: - ruby/uri Fix quadratic backtracking on invalid relative URI - ruby/time Make...

Internet Bug Bounty: [CVE-2025-27219] Denial of Service in CGI::Cookie.parse

A denial-of-service vulnerability was discovered in the CGI::Cookie.parse method of the Ruby cgi gem. The vulnerability was caused by the method taking super-linear time to parse a maliciously crafted cookie string. This could have led to service disruptions. The vulnerability was assigned the CV...

USN-7049-3 php5 vulnerabilities

USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data.A remote attacker could possibly use this issue to inject payloads and cause PHP to...

PT-2025-8695

Name of the Vulnerable Software and Affected Versions CGI gem versions prior to 0.4.2 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method. This issue can lead to high CPU consumption due to crafted input. The vulnerability affects Ruby...

PT-2025-8694

Name of the Vulnerable Software and Affected Versions CGI gem versions prior to 0.4.2 Description The CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes,...

CVE-2025-27219 - Denial of Service in CGI::Cookie.parse

There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into t...

CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

Medium: php

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

Python 3.12 Documentation Cross Site Scripting

The official Python 3.12 documentation provides a code example that results in implementing insecure code susceptible to cross site scripting. Python's official documentation contains textbook example of insecure code XSS Date: 2025-02-18 Author: Georgi Guninski From the official Python 3.12...

CVE-2024-57050

A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing th...

CVE-2021-46686

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker...