756 matches found
rails: Possible Denial of Service vulnerability in Action Dispatch
A flaw was found in RubyGem Actionpack, which is a framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...
It’s Not You. It’s Them. On Hacking and Responsible Disclosure.
A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I'm a cybersecurity professional, I run a team that has the...
Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov...
KDU
This is Windows driver code, specifically a device driver for a fictional device called "DUMMYDRV". The code is written in C and is compiled into a Windows driver executable. The code consists of two parts: dummy.sys and dummy2.sys. Both files are Windows driver executables, but they have...
OSV-2021-913 Heap-buffer-overflow in dispatch
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35727 Crash type: Heap-buffer-overflow READ 1 Crash state: dispatch dispatchlinked codegen...
File Upload Vulnerability in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co.
Fujian Qualicom Communication Co., Ltd. is a solution provider and service operator focusing on professional communication. A file upload vulnerability exists in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co. Ltd. that can be exploited by an attacker to upload a...
DEBIAN-CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
UBUNTU-CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...
Discourse 2.7.0.beta9 Security Update
A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse";...
CVE-2021-22902
A flaw was found in RubyGem Actionpack, which is a framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...
Command Execution Vulnerability in Multimedia Dispatch System of Beijing Jieshirui Technology Co.
Beijing Jieshirui Technology Co., Ltd. is a high-tech enterprise founded by overseas returned high-tech talents. A command execution vulnerability exists in the multimedia scheduling system of Beijing Jieshirui Technology Co., Ltd., which can be exploited by attackers to execute arbitrary commands...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Mime type parser of Action Dispatch due to the vulnerable regular expression MIME_REGEXP. Carefully crafted Accept headers can lead to catastrophic backtracking in the mime type parser...
GHSA-G8WW-46X2-2P65 Denial of Service in Action Dispatch
Impact: There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases: The fixed releases are available at the norm...
Denial of Service in Action Dispatch
Impact: There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases: The fixed releases are available at the norm...
Possible Denial of Service vulnerability in Action Dispatch
There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: = 6.0.0 Not affected: \sMIMEPARAMETER\s\z/ end end...
PT-2021-4061 · Ruby +1 · Action Pack +1
Name of the Vulnerable Software and Affected Versions: actionpack ruby gem versions 6.0.0 through 6.0.3.6; actionpack ruby gem versions 6.1.0 through 6.1.3.1. Description: The issue is related to a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafte...
Netflix Dispatch Access Control Error Vulnerability
Netflix Dispatch is software from the US-based company Netflix that provides security event management with deep integration with Slack, GSuite, Jira and other tools. Netflix Dispatch suffers from an Access Control Error vulnerability that can be exploited by an attacker to view restricted events, escalate a...
CVE-2020-9299
There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user...