Slackware: Security Advisory (SSA:2024-297-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : python-fastapi / python-openapi-core / python-platformio / etc (2024-f1615b58e6)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-f1615b58e6 advisory. Security fix for CVE-2024-47874. Starlette 0.40.0 October 15, 2024 This release fixes a Denial of service DoS via multipart/form-data requests. You can view...

[slackware-security] php81

New php81 packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.30-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2024-4577, Parameter Injection Vulnerability...

Denial Of Service (DoS)

Starlette is vulnerable to Denial of Service DoS. The vulnerability is due to the way Starlette handles multipart/form-data parts without a filename. Specifically, these parts are treated as text form fields and buffered in byte strings without any size limits, allowing for arbitrary large upload...

openSUSE Security Advisory (SUSE-SU-2024:3719-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : python-starlette (SUSE-SU-2024:3719-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:3719-1 advisory. - CVE-2024-47874: Fixed possible DoS via parts size in multipart/form-data requests bsc1231689 Tenable has extracted the preceding description block directly...

Security update for php7

This update for php7 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...

Security update for php74

This update for php74 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...

Security update for python-starlette

This update for python-starlette fixes the following issues: CVE-2024-47874: Fixed possible DoS via parts size in multipart/form-data requests bsc1231689 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2024:3719-1 Security update for python-starlette

This update for python-starlette fixes the following issues: - CVE-2024-47874: Fixed possible DoS via parts size in multipart/form-data requests bsc1231689...

Security update for php8

This update for php8 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...

SUSE-SU-2024:3664-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...

SUSE CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface ASGI framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

GHSA-F96H-PMFR-66VW Starlette Denial of service (DoS) via multipart/form-data

Summary Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and...

Starlette Denial of service (DoS) via multipart/form-data

Summary Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and...

CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface ASGI framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

CVE-2024-47874 Starlette Denial of service (DoS) via multipart/form-data

Starlette is an Asynchronous Server Gateway Interface ASGI framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

Allocation of Resources Without Limits or Throttling

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via multipart/form-data requests, due to treating parts without a filename as text form fields and buffering those in byte strings...

WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload

============================================================================================================================================= | Title : WordPress File Manager Advanced Shortcode 2.3.2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

BIT-PHP-2024-8925 Erroneous parsing of multipart form data

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...