18 matches found
Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass
Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...
smolagents 安全漏洞
smolagents is a basic library for agents, open-sourced by Hugging Face. Version 1.24.0 of smolagents contains a security vulnerability. This vulnerability stems from improper request handling in the LocalPythonExecutor component, which may lead to server-side request forgeing attacks...
CLSA-2025-1757666519 xorg-x11-server: Fix of CVE-2025-49178
CVE-2025-49178: fix request handling flaw causing potential denial of service...
CLSA-2025-1757662405 xorg-x11-server: Fix of CVE-2025-49178
CVE-2025-49178: fix request handling flaw causing potential denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
AZL-64230 CVE-2025-49178 affecting package xorg-x11-server for versions less than 1.20.10-16
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent arises from the lack of protective measures for the request structure, allowing a perpetrator to execute arbitrary code.
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the GLPI system’s request and incident handling functionality lies in the lack of HTML tag neutralization during website generation. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the GLPI system’s request and incident handling functionality relates to the absence of HTML tag neutralization during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks...
OESA-2022-2164 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse,forward and transparent proxy and cache. Security Fixes: Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain...
The vulnerability of the WSGI server for Python Waitress, related to HTTP request processing flaws, allows attackers to compromise data integrity.
The vulnerability of the WSGI server for Python Waitress is related to the improper handling of the recurring Content-Length header. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
The vulnerability of the DNS server Dnsmasq, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the integrity of the protected information.
The vulnerability of the Dnsmasq DNS server lies in the lack of checking for requests with the same name. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerability of Microsoft Edge browser, related to errors in request handling mechanisms, allows attackers to disclose protected information.
The vulnerability of Microsoft Edge relates to errors in the request processing mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information through a specially crafted web page...