Lucene search
K

35 matches found

Imperva Blog
Imperva Blog
added 2026/02/23 5:45 p.m.15 views

Cloud Based WAF Upload Scan and Control: The New Standard for File Upload Security

We're excited to announce the launch of Upload Scan and Control, an essential new feature for Imperva Cloud WAF. This add-on tackles one of the most critical vulnerabilities facing web applications today—insecure file uploads—offering protection with scalability, simplicity, and enterprise-grade...

6.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-1557

Malware in sbrugna...

1.9CVSS7.7AI score0.00362EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.4 views

PT-2025-17575 · Unknown · Cuba Platform

Name of the Vulnerable Software and Affected Versions: CUBA Platform versions prior to 7.2.23 Description: The local file storage implementation in CUBA Platform does not restrict the size of uploaded files, allowing an attacker to upload excessively large files. This could cause the server to ru...

6.5CVSS6AI score0.00563EPSS
Exploits0References23
Veracode
Veracode
added 2025/03/21 9:11 a.m.6 views

Denial Of Service

github.com/expr-lang/expr is vulnerable to Denial of Service. The vulnerability is due to the absence of input size restrictions, allowing the parser to process arbitrarily large expressions...

7.5CVSS6.6AI score0.00577EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/12/26 6:35 a.m.7 views

Denial Of Service (DoS)

Mattermost is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient file size restrictions on Slack import file uploads, allowing a user to exploit this by uploading a zip bomb...

6.5CVSS6.5AI score0.00416EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/07/21 1:53 p.m.23 views

Denial Of Service (DoS)

org.apache.cxf: cxf-rt-rs-security-jose is vulnerable to Denial Of Service DoS. The vulnerability is due to missing size restrictions in the p2c PBES2 count parameter, which allows an attacker to perform a Denial Of Service attack by specifying a large value for this parameter in a token...

7.5CVSS6.9AI score0.01269EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2024/06/03 6:25 a.m.25 views

Memory Exhaustion

braces is vulnerable to Memory Exhaustion. The vulnerability is due to improper input size restrictions, which allows an attacker to cause a Denial of Service DoS via crafted large imbalanced input to the braces method, leading to memory exhaustion and eventual application crash...

7.5CVSS6.2AI score0.01471EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/03 2:5 p.m.5 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server...

6.5CVSS7.1AI score0.01122EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2023/02/21 6:19 p.m.38 views

K17130: Linux kernel vulnerability CVE-2015-1420

Security Advisory Description Race condition in the handletopath function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handlebytes value of a file handle during...

1.9CVSS7.3AI score0.00362EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.1 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox, which stems from the application's lack of restrictions and filters on the size of pop-up windows. The vulnerability can be exploited by attackers to conduct obfuscation ...

6.5CVSS7.7AI score0.00744EPSS
Exploits0References25
RedHat Linux
RedHat Linux
added 2022/03/22 3:33 p.m.5 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
NVD
NVD
added 2021/10/19 3:15 p.m.30 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

7.5CVSS0.05651EPSS
Exploits0References13
OSV
OSV
added 2021/10/19 3:15 p.m.36 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

7.5CVSS6.6AI score
Exploits0References13
Debian CVE
Debian CVE
added 2021/10/19 12:0 a.m.43 views

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...

7.5CVSS7.1AI score0.05651EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/09/09 5:11 p.m.96 views

Bzip2Decoder doesn't allow setting size restrictions for decompressed data

Impact The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack Workarounds No...

7.5CVSS8.1AI score0.05651EPSS
Exploits0References19Affected Software3
OSV
OSV
added 2021/06/15 9:15 a.m.2 views

ALPINE-CVE-2021-31618

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...

7.5CVSS7.2AI score0.51208EPSS
Exploits0References1
Veracode
Veracode
added 2020/09/23 12:50 a.m.29 views

Denial Of Service (DoS)

com.liferay.portal.vulcan.impl is vulnerable to denial of service DoS. The vulnerability exists as it does not place any file size restrictions when handling Multipart/form-data requests...

6.5CVSS1.9AI score0.02164EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2020/08/12 2:15 p.m.3 views

CVE-2020-6293

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

6.5CVSS6.9AI score0.00934EPSS
Exploits0References2
Prion
Prion
added 2020/08/12 2:15 p.m.20 views

Unrestricted file upload

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

6.4CVSS6.6AI score0.00934EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/12 1:22 p.m.27 views

CVE-2020-6293

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

7.3CVSS6.7AI score0.00934EPSS
Exploits0References2
Rows per page
Query Builder