Search CVE reports
851 – 860 of 36525 results
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue...
1 affected package
sogo
| Package | 24.04 LTS |
|---|---|
| sogo | Not in release |
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl...
1 affected package
erlang-cowboy
| Package | 24.04 LTS |
|---|---|
| erlang-cowboy | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes peer-supplied compressed...
1 affected package
erlang-cowlib
| Package | 24.04 LTS |
|---|---|
| erlang-cowlib | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |