Lucene search
+L

169 matches found

Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.11 views

PT-2025-16239

Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw was found in the implementation of HTTP range requests in libsoup, making it vulnerable to a resource consumption attack. This allows a malicious client to request the same range many...

7.8CVSS6.6AI score0.0065EPSS
Exploits0References169
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.40 views

Rocky Linux 8 : squid:4 (RLSA-2021:4292)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4292 advisory. - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...

7.5CVSS6.8AI score0.95785EPSS
Exploits5References15
Amazon
Amazon
added 2023/09/25 12:0 a.m.7 views

Important: firefox

Issue Overview: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9. CVE-2022-29913 A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describe...

9.8CVSS9.9AI score0.01055EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: squid

Issue Overview: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. CVE-2021-28116 An issue was discovered in Squid...

7.5CVSS8AI score0.95785EPSS
Exploits5
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.4 views

SUSE CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.4AI score0.09513EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

7.5CVSS8.8AI score0.01055EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.1 views

SUSE CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

5.9CVSS6.4AI score0.01626EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.3 views

SUSE CVE-2022-45403

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

6.5CVSS7.6AI score0.00696EPSS
Exploits0References8
Prion
Prion
added 2023/02/09 8:15 p.m.29 views

Denial of service

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

5CVSS7.2AI score0.01626EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/09 8:15 p.m.1 views

UBUNTU-CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

7.5CVSS6.6AI score0.01626EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/01/18 6:19 p.m.30 views

Denial of service via header parsing in Rack

There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: = 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1 Impact Carefully crafted inp...

7.5CVSS7.4AI score0.01626EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-45403

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

6.5CVSS7.5AI score0.00696EPSS
Exploits0References1
NVD
NVD
added 2022/12/22 8:15 p.m.19 views

CVE-2022-45403

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

6.5CVSS0.00696EPSS
Exploits0References4
NVD
NVD
added 2022/12/22 8:15 p.m.22 views

CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

9.8CVSS0.01055EPSS
Exploits0References4
OSV
OSV
added 2022/12/22 8:15 p.m.9 views

CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

9.8CVSS8.9AI score
Exploits0References4
OSV
OSV
added 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

9.8CVSS8.5AI score0.01055EPSS
Exploits0References1
Prion
Prion
added 2022/12/22 8:15 p.m.21 views

Cross site scripting

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

7.5CVSS8.8AI score0.01055EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2022/12/22 12:0 a.m.465 views

CVE-2022-31736

CVE-2022-31736 is a cross-origin length disclosure in Mozilla products: a malicious site could learn the length of a cross-origin resource that supports Range requests. Affected are Thunderbird < 91.10, Firefox < 101, and Firefox ESR

9.8CVSS8.9AI score0.01055EPSS
Exploits0References4Affected Software3
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.6 views

CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

6.5AI score0.01055EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.20 views

CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

9.2AI score0.01055EPSS
Exploits0References4
Rows per page
Query Builder