Lucene search
K

29 matches found

OSV
OSV
added 2025/05/07 11:15 p.m.1 views

DEBIAN-CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

7.5CVSS6.5AI score0.00911EPSS
Exploits0References1
Snyk
Snyk
added 2025/02/19 11:15 p.m.5 views

Heap-based Buffer Overflow

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. Remediation A fix was...

8.8CVSS6.8AI score0.00657EPSS
Exploits0References2
Snyk
Snyk
added 2024/04/11 8:6 a.m.3 views

Allocation of Resources Without Limits or Throttling

Overview BouncyCastle is a C implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the solveQuadraticEquation function used for certificate verification in ECCurve.java. Passing a large f2m parameter...

7.5CVSS6.9AI score0.011EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.4 views

jose4j Security Vulnerabilities

jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token JWT and JOSE specification suite JWS, JWE, and JWK open sourced from Bitbucket . A security vulnerability exists in jose4j versions prior to 0.9.4, which stems from a vulnerability that allows an attacker to cau...

6.5CVSS6.8AI score0.00879EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/01/01 12:0 a.m.4 views

PT-2026-5402

Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow where servlets utilizing a method that calls HttpServletRequestImpl.getParameterNames may experience an OutOfMemoryError when handling client requests with...

7.5CVSS5.9AI score0.00575EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.29 views

Rack vulnerable to Denial of Service via large parameter depth request

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...

5CVSS6.1AI score0.07778EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2015/12/07 8:59 p.m.2 views

DEBIAN-CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via an ECH erase characters escape sequence with a large parameter value, which triggers a buffer underflow...

4.3CVSS8.4AI score0.03467EPSS
Exploits0References1
Mageia
Mageia
added 2015/09/08 5:55 p.m.37 views

Updated ruby-rack packages fix CVE-2015-3225

Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...

5CVSS6.2AI score0.07778EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/26 10:0 p.m.31 views

CVE-2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...

6.2AI score0.07778EPSS
Exploits0References11
Rows per page
Query Builder