EUVD-2014-0518

Malware in sbrugna...

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

MinIO 安全漏洞

MinIO is a high-performance object storage service released under the GNU Affero General Public License v3.0. A security vulnerability exists in version MinIO RELEASE.2022-10-02T19-29-29Z, which stems from the disclosure of information about the presence of If-Modified-Since, If-Unmodified-Since...

The vulnerability of the lighttpd web server arises from the execution of operations beyond the buffer in memory, allowing an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of the lighttpd web server arises from the issue of operations going beyond the buffer in memory when comparing values of the If-Modified-Since header fields. Exploiting this vulnerability allows a remote attacker to bypass the ASLR protection mechanism and gain unauthorized...

The vulnerability of the lighttpd web server arises from the execution of operations beyond the buffer in memory, allowing an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of the lighttpd web server arises from the issue of operations going beyond the buffer in memory when comparing values of the If-Modified-Since header fields. Exploiting this vulnerability allows a remote attacker to bypass the ASLR protection mechanism and gain unauthorized...

The vulnerability of the lighttpd web server arises from the execution of operations beyond the buffer in memory, allowing an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of the lighttpd web server arises from the issue of operations going beyond the buffer in memory when comparing values of the If-Modified-Since header fields. Exploiting this vulnerability allows a remote attacker to bypass the ASLR protection mechanism and gain unauthorized...

CVE-2018-15504

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11...

CVE-2018-15504

CVE-2018-15504 affects Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The issue is a NULL pointer dereference caused by mishandling HTTP time-related request fields, demonstrated by If-Modified-Since or If-Unmodified-Since with a month value >11. This can lead to denial of service. Th...

PT-2018-2957 · Embedthis +1 · Appweb +2

Name of the Vulnerable Software and Affected Versions: Embedthis GoAhead versions prior to 4.0.1 Embedthis Appweb versions prior to 7.0.2 Description: The issue is related to errors in handling HTTP requests. Exploitation of this issue may allow a remote attacker to cause a denial of service. The...

hapi node module denial of service vulnerability

The hapi node module is a server framework for Node.js. The framework supports input validation, caching, authentication and more. A security vulnerability exists in hapi node module versions prior to 11.1.3. An attacker exploits the vulnerability to cause a denial of service socket exhaustion wi...

ecstatic node module denial of service vulnerability

ecstatic node module is a http cooperative static file server middleware . A security vulnerability exists in ecstatic node module versions prior to 1.4.0. An attacker can exploit this vulnerability to cause a denial of service crash by sending input with the help of the If-Modified-Since packet...

Denial of Service in hapi

Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500 error back...

Denial of Service in ecstatic

Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse cases v8 to crash. As ecstatic passes the value of the affected headers...

Denial Of Service (DoS)

ecstatic is vulnerable to denial of service DoS through Socket Exhaustion. When the input with new Date or Date.parse is passed through the If-Modified-Since or Last-Modified headers, it may crash the application...

CVE-2015-9242

Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...

CVE-2015-9241

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out default node timeout is 2...

CVE-2015-9242

Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...

CVE-2015-9242

CVE-2015-9242 concerns the ecstatic Node.js module. The vulnerability affects versions before 1.4.0 and is triggered when certain input strings are passed via the Last-Modified or If-Modified-Since headers, causing v8 to crash and enabling a denial-of-service condition on the server. The issue st...