117 matches found
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
CVE-2020-27614
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation...
CVE-2020-11077
In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...
CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma
In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...
[SECURITY] Fedora 31 Update: libapreq2-2.13-38.fc31
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
Hardcoded credentials
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
[SECURITY] Fedora 29 Update: libapreq2-2.13-38.fc29
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
Oracle Web Cache Unspecified Client Request Handling DoS - Ver2
A vulnerability exists in Oracle Web Cache. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Adobe Reader PDF Client Request Injection Vulnerability
Adobe Reader is a popular application for working with PDF files. A request injection vulnerability exists in the Adobe Reader PDF client. An attacker can exploit the vulnerability to obtain unauthorized information...
Directory Traversal
Sanic is vulnerable to directory traversal attacks. Attackers can read arbitrary files by using a client to request a URL with a substring such as /static/..%2f...
Motorola Netopia Netoctopus SDCS Stack Buffer Overflow
require 'msf/core' class MetasploitModule 'Motorola Netopia Netoctopus SDCS Stack Buffer Overflow', 'Description' = %q This module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifi...
nginx: NULL pointer dereference while writing client request body
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash...
Medium: nginx
Issue Overview: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. Affected Packages: nginx...
NULL pointer dereference while writing client request body
NULL pointer dereference while writing client request body Severity: medium CVE-2016-4450 Not vulnerable: 1.11.1+, 1.10.1+ Vulnerable: 1.3.9-1.11.0...
MGASA-2016-0216 Updated nginx packages fix CVE-2016-4450
Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...
nginx-mainline: denial of service
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...
nginx: denial of service
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...
SIP Client Request Detection (UDP)
Binary data 9061.prm...
FreeBSD : xserver -- multiple issue with X client request handling (27b9b2f0-8081-11e4-b4ca-bcaec565249c)
Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities...