
10 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m., 4 views

SUSE SLES12 Security Update : gegl (SUSE-SU-2026:1479-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1479-1 advisory. This update for gegl fixes the following issue: - CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lea...

CVSS 7.8, AI score 6.1
Exploits: 0, References: 4
OSV
added 2026/02/06 7:0 p.m., 4 views

GHSA-GCQF-3G44-VC9P [actix-files] Panic triggered by empty Range header in GET request for static file

Summary: A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on demand. Details: actix-files assumes that HttpRange::parse, when Ok, always returns a vector with at least one element. When parse...

CVSS 6.9, AI score 5.6
Exploits: 0, References: 3
Snyk
added 2025/10/28 8:38 p.m., 4 views

Regular Expression Denial of Service (ReDoS)

Overview: starlette is the little ASGI library that shines. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the FileResponse._parse_range_header method. An attacker can exhaust server CPU resources by sending a specially crafted HTTP Range header...

CVSS 8.7, AI score 6.8, EPSS 0.00068
Exploits: 0, References: 2
CNNVD
added 2025/10/28 12:0 a.m., 5 views

Starlette Security Vulnerability

Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is ideal for building asynchronous web services in Python. A security vulnerability exists in Starlette versions before 0.49.1. The vulnerability stems from the FileResponse Range parsing merge logic having quadratic time...

CVSS 7.5, AI score 6.3, EPSS 0.00068
Exploits: 0, References: 6
RedHat Linux
added 2024/05/22 9:40 a.m., 1 views

rubygem-rack: Possible DoS Vulnerability with Range Header in Rack

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses the Range header. Carefully crafted range headers can cause a server to respond with an unexpectedly large response. Responding with large responses could lead to a denial of service issue...

CVSS 7.5, AI score 6.6, EPSS 0.0041
Exploits: 1, References: 5
Debian CVE
added 2023/02/09 12:0 a.m., 25 views

CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

CVSS 7.5, AI score 6.4, EPSS 0.03121
Exploits: 0
Veracode
added 2021/02/15 5:31 a.m., 13 views

Denial Of Service (DoS)

get-ip-range is vulnerable to denial of service (DoS). The vulnerability exists when parsing a large IP range such as 128.0.0.0/1...

CVSS 7.5, AI score 3.5, EPSS 0.00563
Exploits: 1, References: 4, Affected Software: 1
RedHat Linux
added 2018/11/13 8:36 a.m., 3 views

curl: URL globbing out of bounds read

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...

CVSS 6.5, AI score 7.3, EPSS 0.00601
Exploits: 0, References: 5
Vulnrichment
added 2017/10/04 1:0 a.m., 0 views

CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...

AI score 6.9, EPSS 0.00601
Exploits: 0, References: 7
CNVD
added 2017/09/27 12:0 a.m., 1 views

Eaton ELCSoft Out-of-Bounds Write Remote Code Execution Vulnerability

The Eaton ELCSoft programmable logic control software runs on a PC and can help configure the ELC controller. An out-of-bounds write remote code execution vulnerability exists in Eaton ELCSoft Device Comment Range Parsing, which results in a lack of proper validation of user-supplied data, leadin...

AI score 8.6
Exploits: 0, References: 1