756 matches found
SUSE CVE-2024-53270
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called. However, the...
BIT-RAILS-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...
CVE-2024-53270 HTTP/1: sending overload crashes when the request is reset beforehand in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called. However, the...
GHSA-4HXR-28MV-Q729 Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch nam...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2024-17388 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.38 Liferay DXP versions 7.4 GA through update 38 Liferay DXP versions 7.3 GA through update 36 Liferay DXP versions 7.2 GA through fix pack 20 Liferay DXP versions 7.1 GA through fix pack 28...
Internet Bug Bounty: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
A possible ReDoS vulnerability was discovered in the query parameter filtering routines of Action Dispatch in Ruby on Rails. The vulnerability was assigned the CVE identifier CVE-2024-41128. Versions affected were less than 8.0.0.beta1. The issue was addressed in fixed versions 7.2.1.1, 7.1.4.1,...
MAL-2024-11077 Malicious code in repository-dispatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6945fe41e15be899900e8df18381144d95f14a8645f686d9b4c96f755e46f8d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in repository-dispatch1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f9656fdbcf8cfe7b8793ea8ca6e482acdd0cd50039d7b14f2e00924b3b2d0e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in repository-dispatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6945fe41e15be899900e8df18381144d95f14a8645f686d9b4c96f755e46f8d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-9687 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.29.12 Envoy versions prior to 1.30.9 Envoy versions prior to 1.31.5 Envoy versions prior to 1.32.3 Description: The issue is related to the envoy.load shed points.http1 server abort dispatch configuration in Envoy, a...
kernel: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy run-time warning in dgdispatchashost The Linux kernel CVE team has assigned CVE-2024-35944 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35944-a860@gregkh/T...
kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu- results in a BUG when the config CONFIGHARDENEDUSERCOPY is enabled as shown below. kernel...
DEBIAN-CVE-2024-41128
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...
CVE-2024-41128 Action Dispatch has possible ReDoS vulnerability in query parameter filtering
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...
CVE-2024-41128 Action Dispatch has possible ReDoS vulnerability in query parameter filtering
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...
GHSA-X76W-6VJR-8XGJ Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact ------ Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time,...
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact ------ Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time,...
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...
Lines Police CAD 安全漏洞
Lines Police CAD is an easy to set up and use police server from the individual developers at Merrill Lines. A security vulnerability exists in Lines Police CAD version 1.0 that originates from user interaction with a carefully constructed password reset link, allowing an attacker to obtain a...