29 matches found
DEBIAN-CVE-2025-46727
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...
Heap-based Buffer Overflow
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. Remediation A fix was...
Allocation of Resources Without Limits or Throttling
Overview BouncyCastle is a C implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the solveQuadraticEquation function used for certificate verification in ECCurve.java. Passing a large f2m parameter...
jose4j Security Vulnerabilities
jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token JWT and JOSE specification suite JWS, JWE, and JWK open sourced from Bitbucket . A security vulnerability exists in jose4j versions prior to 0.9.4, which stems from a vulnerability that allows an attacker to cau...
PT-2026-5402
Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow where servlets utilizing a method that calls HttpServletRequestImpl.getParameterNames may experience an OutOfMemoryError when handling client requests with...
Rack vulnerable to Denial of Service via large parameter depth request
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
DEBIAN-CVE-2015-5309
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via an ECH erase characters escape sequence with a large parameter value, which triggers a buffer underflow...
Updated ruby-rack packages fix CVE-2015-3225
Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...
CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...