
756 matches found

RubySec
added 2024/02/21 12:0 a.m. · 21 views

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1.0 Fixed Versions: 7.1.3.1 Impact Carefully crafted Accept headers can cau...

CVSS 7.5 · AI score 7 · EPSS 0.03542
Exploits 0 · References 1 · Affected Software 1

HackRead
added 2024/02/13 8:33 p.m. · 9 views

Duo Jailed for Hacking JFK Taxi Dispatch System

By Waqas. The scheme started in September 2019 and continued until September 2021.

AI score 7.3
Exploits 0

OSV
added 2024/02/08 11:6 a.m. · 1 views

OESA-2024-1146 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1,...

CVSS 7.5 · AI score 6.9 · EPSS 0.02264
Exploits 0 · References 3

ATTACKERKB
added 2023/12/30 3:15 a.m. · 1 views

CVE-2022-46486

A lack of pointer-validation logic in the sconedispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information...

CVSS 5.5 · AI score 6.1 · EPSS 0.00038
Exploits 1 · References 4

OSV
added 2023/12/30 3:15 a.m. · 2 views

CVE-2022-46486

A lack of pointer-validation logic in the sconedispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information...

CVSS 5.5 · AI score 5.8 · EPSS 0.00038
Exploits 1 · References 3

CNNVD
added 2023/12/30 12:0 a.m. · 1 views

SCONE Confidential Computing Platform Security Vulnerability

SCONE Confidential Computing Platform is an open source platform for implementing confidential computing from SCONE, Germany. A security vulnerability exists in SCONE Confidential Computing Platform versions prior to 5.8.0, which stems from a lack of pointer alignment logic in functions such as...

CVSS 5.5 · AI score 6.7 · EPSS 0.0003
Exploits 0 · References 8

CNNVD
added 2023/12/30 12:0 a.m. · 1 views

SCONE Confidential Computing Platform Security Vulnerability

SCONE Confidential Computing Platform is an open source platform for implementing confidential computing from SCONE, Germany. A security vulnerability exists in SCONE Confidential Computing Platform versions prior to v5.8.0, which stems from a lack of pointer validation logic in the sconedispatch...

CVSS 5.5 · AI score 6.6 · EPSS 0.00038
Exploits 1 · References 4

Positive Technologies
added 2023/12/29 12:0 a.m. · 2 views

PT-2023-26250 · Intel · Intel Sgx

Name of the Vulnerable Software and Affected Versions: SCONE Confidential Computing Platform versions prior to 5.8.0 Description: An issue was discovered in the SCONE Confidential Computing Platform, where the lack of pointer-alignment logic in scone dispatch and other entry functions allows a...

CVSS 5.5 · AI score 5.4 · EPSS 0.0003
Exploits 0 · References 13

RedHat Linux
added 2023/11/08 2:26 p.m. · 2 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

CVSS 7.5 · AI score 6.7 · EPSS 0.01304
Exploits 0 · References 5

RedHat Linux
added 2023/11/08 2:26 p.m. · 2 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...

CVSS 7.5 · AI score 6.7 · EPSS 0.02264
Exploits 0 · References 5

RedHat Linux
added 2023/11/07 9:3 a.m. · 3 views

kernel: scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"

A use-after-free flaw was found in the Linux kernel's SCSI subsystem in the command dispatch error handling. A local user can trigger this issue through specific SCSI device operations that cause dispatch failures, where the code attempts to increment a reference counter on a device structure tha...

CVSS 5.5 · AI score 7.3 · EPSS 0.0002
Exploits 0 · References 5

Positive Technologies
added 2023/10/27 12:0 a.m. · 2 views

PT-2023-35550 · Git +1 · Php

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash, specifically a Segv on an unknown address, which occurs during the execution of certain functions, including cleanup liv...

AI score 7.1
Exploits 0 · References 2

NVD
added 2023/09/20 8:15 p.m. · 8 views

CVE-2023-42335

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...

CVSS 8.8 · AI score 8.9 · EPSS 0.01871
Exploits 1 · References 1

OSV
added 2023/09/20 8:15 p.m. · 1 views

CVE-2023-42335

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...

CVSS 8.8 · AI score 6.1 · EPSS 0.01871
Exploits 1 · References 1

ATTACKERKB
added 2023/09/20 8:15 p.m. · 3 views

CVE-2023-42335

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...

CVSS 8.8 · AI score 6.2 · EPSS 0.01871
Exploits 1 · References 2

NVD
added 2023/09/20 8:15 p.m. · 8 views

CVE-2023-42334

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

CVSS 6.5 · AI score 6.6 · EPSS 0.00063
Exploits 1 · References 1

OSV
added 2023/09/20 8:15 p.m. · 2 views

CVE-2023-42334

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.00063
Exploits 1 · References 1

ATTACKERKB
added 2023/09/20 8:15 p.m. · 2 views

CVE-2023-42334

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.00063
Exploits 1 · References 2

Prion
added 2023/09/20 8:15 p.m. · 12 views

Design/Logic Flaw

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

CVSS 4 · AI score 6.6 · EPSS 0.00063
Exploits 1 · References 1 · Affected Software 2

Prion
added 2023/09/20 8:15 p.m. · 9 views

Unrestricted file upload

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...

CVSS 6.5 · AI score 8.9 · EPSS 0.01871
Exploits 1 · References 1 · Affected Software 2