60 matches found
Improper Handling of Length Parameter Inconsistency
Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via improper validation of the leconnrsp process. An attacker can cause information disclosure, data manipulation, or denial of service by sending specially crafted Bluetooth connectio...
Zephyr 安全漏洞
Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr that stems from a BLE connection response handler function that does not validate whether a response is expected and relies only on identifier matching...
CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
PT-2025-30267 · Recursor +1 · Recursor +1
Name of the Vulnerable Software and Affected Versions: versions prior to the updated version Description: An attacker spoofing responses to ECS-enabled requests sent by the Recursor may succeed. The updated version includes mitigations against spoofing attempts of ECS-enabled queries by chaining...
CVE-2025-5996 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service...
DRUPAL-CONTRIB-2025-030
This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...
USN-7309-1: Ruby SAML vulnerabilities
It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an abitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...
SUSE-SU-2025:20090-1 Security update for cups
This update for cups fixes the following issues: - Version upgrade to 2.4.11: See https://github.com/openprinting/cups/releases CUPS 2.4.11 brings several bug fixes regarding IPP response validation, processing PPD values, Web UI support checkbox support, modifying printers and others fixes...
SUSE CVE-2024-53059
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwlmvmsendrecoverycmd 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwlmvmsendcmdstatus, which handles...
MantisBT Admin SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...
Improper Response Validation
dnsjava is vulnerable to Improper Response Validation. The vulnerability is due to records in DNS replies not being checked for their relevance to the query, allowing an attacker to respond with RRs from different zones...
CVE-2024-3323
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...
CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...
CVE-2024-3323
CVE-2024-3323 affects TIBCO JasperReports Server versions 8.0.4 and 8.2.0 (UI Request/Response Validation). The issue is a reflected Cross-Site Scripting vulnerability that allows injection of malicious scripts into a trusted app, potentially stealing a user’s active session cookie when a user cl...
CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...
CVE-2024-26811 ksmbd: validate payload size in ipc response
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid...
CVE-2023-50069
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...
CVE-2023-48431
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the...
Siemens SINEC INS Code Issue Vulnerability
Siemens SINEC INS is a software from Siemens Germany that provides centralized services for network infrastructure. A code issue vulnerability exists in Siemens SINEC INS that stems from an inability to properly validate responses received by the UMC server...
PT-2023-28147 · Sustainsys +1 · Sustainsys.Saml2 +1
Name of the Vulnerable Software and Affected Versions: Sustainsys.Saml2 versions prior to 1.0.3 Sustainsys.Saml2 versions prior to 2.9.2 Description: The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. When a response is...