12 matches found
Improper Validation of Syntactic Correctness of Input
Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentially...
GHSA-7GCC-R8M5-44QM Koa has Host Header Injection via ctx.hostname
Summary: Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating that the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing an @ symbol (e.g., evil.com:[email protected]) is received,...
Linux Distros Unpatched Vulnerability : CVE-2019-20444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax...
Debian Security Advisory DSA 058-1 (exim)
The remote host is missing an update to exim announced via advisory DSA 058-1.
DSA-1134-1 mozilla-thunderbird - several vulnerabilities
Bulletin has no description...
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities
Debian Security Advisory DSA 1118-1 [email protected] http://www.debian.org/security/ Martin Schulze July 22nd, 2006 http://www.debian.org/security/faq -...
Debian DSA-501-1 : exim - buffer overflow
Georgi Guninski discovered two stack-based buffer overflows. They cannot be exploited with the default configuration from the Debian system, though. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: - CAN-2004-0399 When...
FreeBSD : exim buffer overflow when verify = header_syntax is used (43)
The following package needs to be updated: exim-ldap2. This script has been deprecated by freebsdpkg5f29c2e49f6a11d8abbc00e08110b673.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML: Copyright...
Exim verify=header_syntax buffer overflow
Background: Exim is a highly configurable message transfer agent (MTA) developed at the University of Cambridge. Description: When the option "verify = header_syntax" is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending...
Exim buffer overflows
2 buffer overflows if sender_verify is on or verify = header_syntax...
DSA-501 exim - buffer overflow
Bulletin has no description...
exim buffer overflow when verify = header_syntax is used
A remotely exploitable buffer overflow has been discovered in exim when verify = header_syntax is used in the configuration file. This does not affect the default configuration...