6 matches found
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...
EUVD-2021-21853
Malware in sbrugna...
USN-7031-2: Puma vulnerability
USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite heade...
USN-7031-1: Puma vulnerability
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters...
CVE-2018-19523
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL 0x80002068 with a user-defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool...
Phusion Passenger Server allows to overwrite headers in some cases
It is possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications...