Lucene search
K

34 matches found

OSV
OSV
added 2026/06/15 5:19 p.m.9 views

GHSA-VMF3-W455-68VH node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.5AI score0.00107EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.17 views

NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2025-0240)

The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue...

9.8CVSS6AI score0.94999EPSS
Exploits15References25
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.10 views

PT-2025-34103 · Undefined · Undefined

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...

8.6CVSS8.1AI score0.00749EPSS
Exploits0References6
OSV
OSV
added 2025/03/21 10:15 p.m.5 views

AZL-59180 CVE-2025-30204 affecting package moby-engine for versions less than 25.0.3-12

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
Veracode
Veracode
added 2023/10/24 2:58 a.m.34 views

Buffer Overflow

libz.so is vulnerable to Buffer Overflow. The vulnerability is present due to the absence of length checks in the filename, extrafield, and comment parameters within the zip.c. This oversight enables an attacker to trigger an integer overflow, leading to a heap-based buffer overflow in the...

9.8CVSS7.5AI score0.02918EPSS
Exploits0References13Affected Software5
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.3 views

SUSE CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

6.4CVSS7.4AI score0.84784EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.5 views

SUSE CVE-2006-4434

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service crash via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of...

7.5CVSS7.2AI score0.04328EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.3 views

SUSE CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header...

5CVSS8.2AI score0.12614EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0272

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header...

6.8CVSS8.2AI score0.0286EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.4 views

SUSE CVE-2016-2515

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service CPU consumption or partial outage via a long 1 header or 2 URI that is matched against an improper regular expression...

7.8CVSS8.9AI score0.0337EPSS
Exploits0References3
Gitee
Gitee
added 2021/08/06 1:49 p.m.8 views

Exploit for Classic Buffer Overflow in Microsoft

PoC exploit for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2. The exploit is implemented as a Metasploit module, which can be used to execute arbitrary code vi...

10CVSS8.3AI score0.99823EPSS
Exploits39
CNVD
CNVD
added 2020/07/02 12:0 a.m.3 views

Envoy Resource Management Error Vulnerability (CNVD-2020-51750)

Envoy is an open source distributed proxy server . A resource management error vulnerability exists in Envoy versions 1.14.2 and earlier, 1.13.2 and earlier, and 1.12.4 and earlier. An attacker can exploit the vulnerability by consuming large amounts of memory with requests with HTTP/1.1 headers...

7.5CVSS6.9AI score0.01448EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/01 6:46 p.m.7 views

envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names

An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this...

7.5CVSS7.1AI score0.01448EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2018/09/25 12:0 a.m.34 views

PHPMailer < 1.73 Long Header DoS Vulnerability

PHPMailer is prone to a denial of service DoS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

5CVSS6.7AI score0.04499EPSS
Exploits1References2
CNVD
CNVD
added 2018/06/15 12:0 a.m.6 views

Useragent Denial of Service Vulnerability

Useragent is a user agent parser that parses user agent strings by matching browsers with specialized regular expressions. A security vulnerability exists in Useragent 2.1.12 and earlier versions, which stems from the program's use of regular expressions to parse user agent packet headers. The...

7.5CVSS7.4AI score0.01162EPSS
Exploits1References1
OSV
OSV
added 2018/06/04 7:29 p.m.5 views

CVE-2017-16030

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...

7.5CVSS5.8AI score0.01162EPSS
Exploits1References1
CNVD
CNVD
added 2016/04/15 12:0 a.m.3 views

Hawk Denial of Service Vulnerability

Hawk is a set of HTTP authentication schemes that use Message Authentication Code MAC algorithms in order to provide cryptographic authentication of localized HTTP requests. A denial-of-service vulnerability exists in Hawk versions prior to 3.1.3 and 4.x prior to 4.1.1, which can be exploited by...

7.8CVSS7.8AI score0.0337EPSS
Exploits0References1
NVD
NVD
added 2014/09/30 4:55 p.m.23 views

CVE-2014-4728

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router TL-WDR4300 with firmware before 140916 allows remote attackers to cause a denial of service crash via a long header in a GET request...

5CVSS6.6AI score0.01794EPSS
Exploits3References6
Prion
Prion
added 2014/09/30 4:55 p.m.17 views

Cross site request forgery (csrf)

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router TL-WDR4300 with firmware before 140916 allows remote attackers to cause a denial of service crash via a long header in a GET request...

5CVSS7.2AI score0.01794EPSS
Exploits3References6Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Centrinity FirstClass 5.77 0 Intranet Server Long Header Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1421/info If an E-mail containing an excessively long To: field in the header 1.5 MB is processed by First Class Intranet Services FCIS, a Denial of Service can occur. http://www.exploit-db.com/sploits/20052.tar.gz...

7.1AI score
Exploits0
Rows per page
Query Builder