
17 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-2579

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6 | EPSS 0.01096
Exploits: 0 | References: 16

Veracode
added 2025/08/11 1:13 p.m. | 4 views

Regular Expression Denial Of Service (ReDoS)

calibreweb is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing because the stripwhitespaces function allows catastrophic backtracking when processing a specially crafted username parameter during login...

CVSS 8.7 | AI score 6.9 | EPSS 0.00202
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/07/24 8:40 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: calibreweb is a Web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the stripwhitespaces function in cps/stringhelper.py file. An attacker can cause the...

CVSS 8.7 | AI score 6.6 | EPSS 0.00202
Exploits: 0 | References: 2

CNNVD
added 2025/07/24 12:0 a.m. | 2 views

Calibre-Web security vulnerability

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database by Jan B, a personal developer. A security vulnerability exists in Calibre-Web version 0.6.24, which stems from a regular expression denial of service vulnerability in the stripwhitespaces...

CVSS 8.7 | AI score 6.3 | EPSS 0.00202
Exploits: 0 | References: 3

Veracode
added 2024/07/03 6:3 a.m. | 15 views

Regular Expression Denial Of Service (ReDoS)

async is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the autoinject function, which allows an attacker to slow down parsing with crafted whitespaces, resulting in Regular Expression Denial of Service (ReDoS)...

CVSS 7.5 | AI score 6.7 | EPSS 0.00161
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2024/06/18 11:16 a.m. | 10 views

SUSE-SU-2024:2067-1 Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issues: - CVE-2024-32462: Fix arbitrary code execution outside bwrap sandbox by checking that the first commandline item doesn't start with whitespaces or a hyphen. bsc1223110...

CVSS 8.4 | AI score 8.8 | EPSS 0.00247
Exploits: 1 | References: 3

Veracode
added 2023/08/25 7:22 a.m. | 16 views

Improper Access Control

waldhacker/hcaptcha library is vulnerable to Improper Access Control. This vulnerability exists because the captcha field allowed whitespaces, which allows attackers to bypass the security captcha check in the system...

CVSS 5.3 | AI score 6.8 | EPSS 0.00093
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/13 1:38 a.m. | 53 views

GHSA-5GG7-5WV8-4GCJ Undertow Request Smuggling vulnerability

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling...

CVSS 7.5 | AI score 8.4 | EPSS 0.01096
Exploits: 0 | References: 7

Kitploit
added 2020/10/26 11:30 a.m. | 147 views

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup: Decoder++ can be installed either by using pip or by pulling the source from this repository. Install using pip: pip3 install decoder-plus-plus. Overview: This section provides...

AI score 7.2
Exploits: 0 | References: 2

UbuntuCve
added 2019/11/26 5:15 p.m. | 25 views

CVE-2019-18678

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...

CVSS 5.3 | AI score 6.8 | EPSS 0.12526
Exploits: 0 | References: 3

RedhatCVE
added 2019/11/05 10:21 p.m. | 47 views

CVE-2017-12165

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

CVSS 7.5 | AI score 0.9 | EPSS 0.01096
Exploits: 0 | References: 1

OSV
added 2018/07/27 3:29 p.m. | 0 views

UBUNTU-CVE-2017-12165

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling...

CVSS 7.5 | AI score 7.1 | EPSS 0.01096
Exploits: 0 | References: 3

RedHat Linux
added 2018/01/03 10:49 a.m. | 1 views

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

CVSS 7.5 | AI score 7.4 | EPSS 0.01096
Exploits: 0 | References: 4

OSV
added 2015/01/16 4:59 p.m. | 31 views

PYSEC-2015-5

The django.util.http.issafeurl function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a...

CVSS 4.3 | AI score 5 | EPSS 0.02154
Exploits: 1 | References: 13

PyPA
added 2015/01/16 4:59 p.m. | 4 views

PYSEC-2015-5

The django.util.http.issafeurl function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a...

CVSS 4.3 | AI score 6 | EPSS 0.02154
Exploits: 1 | References: 13 | Affected Software: 1

Tenable Nessus
added 2007/09/14 12:0 a.m. | 38 views

GLSA-200708-17 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200708-17 (Opera: Multiple vulnerabilities). An error known as 'a virtual function call on an invalid pointer' has been discovered in the JavaScript engine (CVE-2007-4367). Furthermore, iDefense Labs reported that an already-freed...

CVSS 9.3 | AI score 6.2 | EPSS 0.0764
Exploits: 2 | References: 6

FreeBSD
added 2004/11/01 12:0 a.m. | 28 views

apache2 multiple space header denial-of-service vulnerability

It is possible for remote attackers to cause a denial-of-service scenario on Apache 2.0.52 and earlier by sending an HTTP GET request with a MIME header containing multiple lines full of whitespaces...

CVSS 5 | AI score 6.5 | EPSS 0.79222
Exploits: 7 | References: 1