CVE-2024-0241
encodedid-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter...
Design/Logic Flaw
encodedid-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter...
CVE-2024-0241
CVE-2024-0241 affects the encoded_id-rails library prior to 1.0.0.beta2. The vulnerability is an uncontrolled resource consumption that can be triggered by a remote, unauthenticated attacker sending an HTTP request with an extremely long id parameter, leading to denial of service (high impact). T...
Security Bulletin: IBM DevOps Release 7.0.0 addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a stream for an uploaded file but...
Security Bulletin: IBM Integration Bus is vulnerable to HTTP request smuggling and a denial of service due to Apache Tomcat. (CVE-2023-46589, CVE-2023-42794)
Summary IBM Integration Bus is vulnerable to HTTP request smuggling and a denial of service due to Apache Tomcat. Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a...
Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.
Summary App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted...
Apache 2.4.55 mod_proxy HTTP Request Smuggling
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
JeecgBoot server-side template injection
SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component...
CVE-2023-41544
SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component...
SQL injection
SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component...
CVE-2023-41544
CVE-2023-41544 is a server-side template injection vulnerability in jeecg-boot 3.5.3. The SSTI flaw affects the /jmreport/loadTableData component and allows remote attackers to execute arbitrary code through crafted HTTP requests. The issue is rated critical (CVSS 3.1: 9.8; AV:N/AC:L/PR:N/UI:N/S:...
IBM Planning Analytics Code Issue Vulnerability (CNVD-2024-01168)
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines (IBM). The solution supports automated execution of processes such as business planning, budgeting and analysis. A code issue vulnerability exists in IBM Planning Analytics version 2.0,...
[SECURITY] [DSA 5590-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5590-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5589-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2023 https://www.debian.org/security/faq -...
NewStart CGSL MAIN 6.06 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0095)
The remote NewStart CGSL host, running version MAIN 6.06, has docker-ce packages installed that are affected by multiple vulnerabilities: - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is...
SUSE-SU-2023:4974-1 Security update for distribution
This update for distribution fixes the following issues: distribution was updated to 2.8.3 (bsc#1216491): Pass BUILDTAGS argument to go build; Enable Go build tags; reference: replace deprecated function SplitHostname; Don't parse errors as JSON unless Content-Type is set to JSON; update to go 1.20.8; Set...
Apache Airflow Cross-Site Request Forgery Vulnerability (CNVD-2024-0101720)
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring among other characteristics. A cross-site request forgery vulnerability exists in Apache Airflow versions 2.7.0...