27 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-46197

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00217 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 4:35 a.m. · 4 views

CVE-2023-41705

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...

6.5 CVSS · 7 AI score · 0.00217 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 9:31 p.m. · 5 views

CVE-2021-21317

uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to...

5.3 CVSS · 6.7 AI score · 0.01481 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 3:38 p.m. · 4 views

CVE-2020-5243

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...

7.5 CVSS · 6.8 AI score · 0.00805 EPSS
Exploits 1
Veracode
added 2025/03/11 7:30 a.m. · 3 views

Log Injection

Envoy Gateway is vulnerable to Log Injection. The vulnerability is due to improper log handling due to the use of a default Envoy Proxy access log configuration, allowing attackers to craft user-agent strings that inject and overwrite fields in the access log...

5.3 CVSS · 6.6 AI score · 0.00358 EPSS
Exploits 0 · References 7 · Affected Software 1
NVD
added 2024/02/12 9:15 a.m. · 7 views

CVE-2023-41705

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...

6.5 CVSS · 6.5 AI score · 0.00217 EPSS
Exploits 0 · References 3
CNNVD
added 2024/02/12 12:0 a.m. · 1 views

Open-Xchange App Suite Security Vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from unrestricted processing of user-defined DAV user agent strings, which may have reduced usability...

6.5 CVSS · 6.9 AI score · 0.00217 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/02/12 12:0 a.m. · 1 views

PT-2024-12963 · Unknown · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite affected versions not specified Description: The issue arises from the processing of user-defined DAV user-agent strings not being limited, which could lead to a high processing load and reduce the availability of OX App Suite. T...

6.5 CVSS · 7.3 AI score · 0.00217 EPSS
Exploits 0 · References 8
Wordfence Blog
added 2022/10/19 4:1 p.m. · 363 views

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the...

8.6 AI score · 0.94147 EPSS
Exploits 16
ThreatPost
added 2021/09/30 5:56 p.m. · 27 views

Tips & Tricks for Unmasking Ghoulish API Behavior

I was analyzing one of my customer’s API traffic the other day and I noticed something odd about the devices that were using the mobile application API. I found standard browsers like Firefox and Chrome hitting API endpoints that should only be touched by their mobile-application communication. I...

6.9 AI score
Exploits 0 · References 1
Positive Technologies
added 2020/09/16 12:0 a.m. · 1 views

PT-2020-6059 · Github · Ua-Parser-Js

Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.22 Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library. It may allow a remote attacker to cause a denial of service. The vulnerability is due t...

7.5 CVSS · 7.4 AI score · 0.01196 EPSS
Exploits 1 · References 12
OSV
added 2020/03/10 6:2 p.m. · 6 views

GHSA-PCQQ-5962-HVCW Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to >= v2.6....

7.2 AI score
Exploits 0 · References 3
NVD
added 2020/02/21 12:15 a.m. · 13 views

CVE-2020-5243

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...

7.5 CVSS · 6.3 AI score · 0.00805 EPSS
Exploits 1 · References 2
OSV
added 2020/02/21 12:15 a.m. · 15 views

CVE-2020-5243

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...

7.5 CVSS · 7.4 AI score
Exploits 0 · References 2
UbuntuCve
added 2020/02/21 12:15 a.m. · 16 views

CVE-2020-5243

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent...

7.5 CVSS · 7 AI score · 0.00805 EPSS
Exploits 1 · References 3
Github Security Blog
added 2020/02/20 11:26 p.m. · 84 views

Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to >=...

7.5 CVSS · 0.00805 EPSS
Exploits 1 · References 6 · Affected Software 2
OSV
added 2020/02/20 11:26 p.m. · 18 views

GHSA-CMCX-XHR8-3W9P Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to >=...

5.7 CVSS · 7.3 AI score · 0.00805 EPSS
Exploits 1 · References 5
CVE
added 2020/02/20 11:15 p.m. · 137 views

CVE-2020-5243

CVE-2020-5243 describes a denial-of-service vulnerability in uap-core before 0.7.3, where processing crafted User-Agent strings triggers overlapping capture group REGEX backtracking (REDoS). The issue affects the library’s User-Agent parsing, allowing remote attackers to overload a server by send...

7.5 CVSS · 6.2 AI score · 0.00805 EPSS
Exploits 1 · References 2 · Affected Software 1
Packet Storm
added 2019/01/11 12:0 a.m. · 63 views

UA-Parser Denial Of Service

X41 D-SEC GmbH Security Advisory: X41-2018-009. ReDoS Vulnerability in UA-Parser. Severity Rating: Medium. Confirmed Affected Versions: 2015-05-14 and newer, commit 6fd6c261274254bcbbacd77ef4b12534c7f9923d Confirmed...

5.3 AI score · 0.00967 EPSS
Exploits 2
Packet Storm
added 2018/11/05 12:0 a.m. · 164 views

Virgin Media Hub 3.0 Denial Of Service

Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service PoC Google Dork: N/A Date: 2018-11-03 Exploit Author: Ross Inman Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers Software Link: N/A Version: Virgin Media Hub 3.0 Tested on: Linux CVE ...

Exploits 0