35 matches found
Cloud Based WAF Upload Scan and Control: The New Standard for File Upload Security
We're excited to announce the launch of Upload Scan and Control, an essential new feature for Imperva Cloud WAF. This add-on tackles one of the most critical vulnerabilities facing web applications today—insecure file uploads—offering protection with scalability, simplicity, and enterprise-grade...
EUVD-2015-1557
Malware in sbrugna...
PT-2025-17575 · Unknown · Cuba Platform
Name of the Vulnerable Software and Affected Versions: CUBA Platform versions prior to 7.2.23 Description: The local file storage implementation in CUBA Platform does not restrict the size of uploaded files, allowing an attacker to upload excessively large files. This could cause the server to ru...
Denial Of Service
github.com/expr-lang/expr is vulnerable to Denial of Service. The vulnerability is due to the absence of input size restrictions, allowing the parser to process arbitrarily large expressions...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient file size restrictions on Slack import file uploads, allowing a user to exploit this by uploading a zip bomb...
Denial Of Service (DoS)
org.apache.cxf: cxf-rt-rs-security-jose is vulnerable to Denial Of Service DoS. The vulnerability is due to missing size restrictions in the p2c PBES2 count parameter, which allows an attacker to perform a Denial Of Service attack by specifying a large value for this parameter in a token...
Memory Exhaustion
braces is vulnerable to Memory Exhaustion. The vulnerability is due to improper input size restrictions, which allows an attacker to cause a Denial of Service DoS via crafted large imbalanced input to the braces method, leading to memory exhaustion and eventual application crash...
springframework: Spring Expression DoS Vulnerability
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server...
K17130: Linux kernel vulnerability CVE-2015-1420
Security Advisory Description Race condition in the handletopath function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handlebytes value of a file handle during...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox, which stems from the application's lack of restrictions and filters on the size of pop-up windows. The vulnerability can be exploited by attackers to conduct obfuscation ...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
Impact The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack Workarounds No...
ALPINE-CVE-2021-31618
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...
Denial Of Service (DoS)
com.liferay.portal.vulcan.impl is vulnerable to denial of service DoS. The vulnerability exists as it does not place any file size restrictions when handling Multipart/form-data requests...
CVE-2020-6293
SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...
Unrestricted file upload
SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...
CVE-2020-6293
SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...