89 matches found
CLEANSTART-2026-BM78291 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Multiple security vulnerabilities affect the dex package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. See references for individual vulnerability details...
CLEANSTART-2026-SQ76279 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Multiple security vulnerabilities affect the dex package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. See references for individual vulnerability details...
CLEANSTART-2026-KN74022 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Security vulnerability affects the local-static-provisioner-fips package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42504)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42504 advisory. - Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume...
Allocation of Resources Without Limits or Throttling
Overview std/mime is a Go standard library package std/mime Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from decoding maliciously constructed MIME headers containing numerous invalid encoding...
FreeBSD : zeek -- potential DoS vulnerability (e665f0a2-fe6d-44b0-ba9e-d383f055a8a3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e665f0a2-fe6d-44b0-ba9e-d383f055a8a3 advisory. Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP coul...
zeek -- potential DoS vulnerability
Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...
CVE-2026-42037
A flaw was found in Axios, an HTTP client for Node.js. A remote attacker, by controlling the type property of a file-like object, could inject arbitrary MIME part headers into multipart form data. This vulnerability arises from insufficient sanitization of carriage return and line feed CRLF...
Axios 注入漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.1 had a injection vulnerability. This vulnerability stemmed from the FormDataPart constructor function, which directly inserted the value.type into the Content-Type header without clearing the CRLF...
CVE-2026-27443
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
PT-2026-22889
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Zeek's HTTP analyzer can be tricked into interpreting Transfer-Encoding or Content-Length headers set in MIME entities within HTTP bodies and change the analyzer behavior...
CVE-2025-20360
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...
CVE-2025-20359 Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...
CVE-2025-20359 Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...
EUVD-2006-2160
Malware in sbrugna...
EUVD-1999-0907
Malware in sbrugna...
EUVD-1999-1180
Malware in sbrugna...
EUVD-1999-0906
Malware in sbrugna...