13 matches found
Astra Linux - уязвимость в ceph
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
GHSA-FC6G-2GCP-2QRQ RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
Summary IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details - Vulnerable code: rustfs/src/auth.rs:289-304 sets...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
EUVD-2024-55069
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
CVE-2025-54331
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Untrusted Pointer Dereference of srchdr in the copyncpheader function...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Peercast buffer overflow
Buffer overflow in HTTP Basic authentication and on SOURCE header parsing...
CVE-2006-5156
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header...
CVE-2006-5156
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header...
McAfee ePolicy Orchestrator HTTP Server Source Header Remote Overflow
Binary data 3766.prm...