169 matches found
PT-2025-16239
Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw was found in the implementation of HTTP range requests in libsoup, making it vulnerable to a resource consumption attack. This allows a malicious client to request the same range many...
Rocky Linux 8 : squid:4 (RLSA-2021:4292)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4292 advisory. - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...
Important: firefox
Issue Overview: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9. CVE-2022-29913 A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describe...
Medium: squid
Issue Overview: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. CVE-2021-28116 An issue was discovered in Squid...
SUSE CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
SUSE CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
SUSE CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
SUSE CVE-2022-45403
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...
Denial of service
A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
UBUNTU-CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
Denial of service via header parsing in Rack
There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: = 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1 Impact Carefully crafted inp...
DEBIAN-CVE-2022-45403
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...
CVE-2022-45403
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...
CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
DEBIAN-CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
Cross site scripting
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
CVE-2022-31736
CVE-2022-31736 is a cross-origin length disclosure in Mozilla products: a malicious site could learn the length of a cross-origin resource that supports Range requests. Affected are Thunderbird < 91.10, Firefox < 101, and Firefox ESR
CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
CVE-2022-31736
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...