70 matches found
CVE-2025-46727
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...
CVE-2025-46727 Unbounded-Parameter DoS in Rack::QueryParser
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...
Qualcomm Chipsets 缓冲区错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets, which arises from memory corruption due to a buffer significantly exceeding the command parameter limit when processing an IOCTL request...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a shift-out-of-bounds issue in dctcpupdatealpha. In dctcpupdatealpha, we use a module parameter dctcpshiftg as follows: alpha -= minnotzeroalpha, alpha dctcpshiftg; ... deliveredce...
SUSE CVE-2024-34703
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...
ALPINE-CVE-2024-34703
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...
CVE-2021-27707
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.179502CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without...
Liberapay: Buffer overflow
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an arra...
CVE-2016-9490 ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...
PT-2018-18916 · Openresty · Openresty
Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.13.6.1 and earlier Description: The issue arises from how OpenResty obtains URI parameters using the ngx.req.get uri args and ngx.req.get post args functions, which ignore parameters beyond the hundredth one. This might...