6 matches found
CVE-2026-34831
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...
EUVD-2014-3655
Malware in sbrugna...
Ruckus Wireless ICX Switches Cross-site Scripting (CVE-2013-6786)
Due to a cross-site scripting (XSS) vulnerability, by requesting a nonexistent URI in a crafted HTTP Referrer header, arbitrary web scripts or HTML can be injected to the Ruckus FastIron device's web server. This plugin only works with Tenable.ot. Please visit...
ALPINE-CVE-2023-3316
A NULL pointer dereference in TIFFClose is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones...
Design/Logic Flaw
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names...
CVE-2014-3711
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names...