Lucene search
+L

385 matches found

Cvelist
Cvelist
added 2023/02/16 5:30 p.m.23 views

CVE-2023-24807 Undici vulnerable to Regular Expression Denial of Service in Headers

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.7AI score0.01304EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/02/16 5:30 p.m.31 views

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.3AI score0.01304EPSS
Exploits0
OSV
OSV
added 2023/02/16 5:30 p.m.28 views

CVE-2023-24807 Undici vulnerable to Regular Expression Denial of Service in Headers

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7AI score0.01304EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2023/02/16 5:30 p.m.26 views

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS8.1AI score0.01304EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.43 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : HAProxy vulnerability (USN-5869-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5869-1 advisory. Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empt...

9.1CVSS7.7AI score0.05493EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/14 5:0 p.m.103 views

CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.1CVSS7AI score0.05493EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/01/20 12:0 a.m.38 views

openSUSE 15 Security Update : netty (SUSE-SU-2022:1315-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:1315-1 advisory. - Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

5.9CVSS6.3AI score0.04935EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/12/09 12:0 a.m.28 views

Amazon Linux 2022 : python-twisted (ALAS2022-2022-231)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-231 advisory. - twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is...

8.1CVSS7.7AI score0.0351EPSS
Exploits1References7
Amazon
Amazon
added 2022/10/21 12:0 a.m.38 views

Medium: java-17-amazon-corretto

Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...

5.3CVSS6.5AI score0.02376EPSS
Exploits0
Amazon
Amazon
added 2022/10/21 12:0 a.m.67 views

Medium: java-11-amazon-corretto

Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...

5.3CVSS6.5AI score0.02376EPSS
Exploits0
NVD
NVD
added 2022/10/06 6:17 p.m.27 views

CVE-2022-41556

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...

7.5CVSS0.02792EPSS
Exploits4References5
Prion
Prion
added 2022/10/06 6:17 p.m.276 views

Design/Logic Flaw

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...

5CVSS7.1AI score0.02792EPSS
Exploits4References5Affected Software2
Cvelist
Cvelist
added 2022/10/06 12:0 a.m.48 views

CVE-2022-41556

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...

7.4AI score0.02792EPSS
Exploits4References5
CVE
CVE
added 2022/10/06 12:0 a.m.538 views

CVE-2022-41556

CVE-2022-41556 affects lighttpd 1.4.56–1.4.66, describing a resource leak in gw_backend.c that can cause denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior, related to RDHUP mishandling in certain HTTP/1.1 chunked scenarios (mod_fastcgi also affected). T...

7.5CVSS7AI score0.02792EPSS
Exploits4References5Affected Software1
Debian CVE
Debian CVE
added 2022/10/06 12:0 a.m.127 views

CVE-2022-41556

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...

7.5CVSS7.3AI score0.02792EPSS
Exploits4
AlpineLinux
AlpineLinux
added 2022/10/06 12:0 a.m.105 views

CVE-2022-41556

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...

7.5CVSS7.2AI score0.02792EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2022/10/03 12:0 a.m.74 views

Ubuntu 22.04 LTS : Twisted vulnerability (USN-5576-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5576-1 advisory. It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a...

8.1CVSS7.7AI score0.028EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/28 7:32 p.m.51 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

7.8AI score0.00556EPSS
Exploits0References1
OSV
OSV
added 2022/09/28 7:32 p.m.28 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

7.5CVSS7.1AI score0.00556EPSS
Exploits0References3
Fedora
Fedora
added 2022/09/12 5:53 p.m.36 views

[SECURITY] Fedora 37 Update: rubygem-puma-5.6.5-1.fc37

Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly parallel Ruby implementations such as Rubinius and JRuby as well as as providing process worker support...

9.1CVSS0.3AI score0.0214EPSS
Exploits0
Rows per page
Query Builder