186 matches found
UBUNTU-CVE-2025-47908
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...
CVE-2025-47908
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...
CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...
CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...
Go CORS handler 安全漏洞
Go CORS handler is a configurable handler for handling CORS requests by the individual developer Olivier Poitrey. A security vulnerability exists in Go CORS handler that stems from a potential over-allocation of heap when handling malicious preflight requests, which could lead to a denial of...
SUSE CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
UBUNTU-CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
Security Vulnerabilities fixed in Firefox ESR 140.1 — Mozilla
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...
Mozilla -- CORS circumvention
[email protected] reports: Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding...
SUSE CVE-2023-34049
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...
Salt 安全漏洞
Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...
PT-2024-9154 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 Nextcloud Server versions prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8 Nextcloud Enterprise Server versions prior to 28.0.10 Nextcloud Enterprise Server versions prior to...
Denial Of Service (DoS)
github.com/rs/cors is vulnerable to Denial of Service DoS. The vulnerability is due to excessive heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers ACRH header with many commas, which allows attackers can cause undue stress on the...
Denial of service via malicious preflight requests in github.com/rs/cors
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...
Exploit for Embedded Malicious Code in Tukaani Xz
ansible-CVE-2024-3094 Ansible playbooks designed to check and...