20 matches found

Github Security Blog
added 2022/05/17 4:19 a.m. · 12 views

Bottle does not properly limit content-types

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as...

CVSS 6.8 · AI score 7.7 · EPSS 0.0094
Exploits 0 · References 8 · Affected Software 1
OSV
added 2017/01/23 9:59 p.m. · 26 views

CVE-2016-9447

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file...

CVSS 7.8 · AI score 7.7
Exploits 0 · References 7
UbuntuCve
added 2017/01/23 9:59 p.m. · 27 views

CVE-2016-9447

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file...

CVSS 7.8 · AI score 7.4 · EPSS 0.00483
Exploits 0 · References 2
CVE
added 2017/01/23 9:00 p.m. · 75 views

CVE-2016-9447

CVE-2016-9447 affects the GStreamer 0.10.x NSF decoder: a crafted NSF music file can trigger an out-of-bounds read/write, leading to denial of service and possibly arbitrary code execution. The connected documents confirm the affected component and impact but do not provide a remediation or patch...

CVSS 7.8 · AI score 7.6 · EPSS 0.00483
Exploits 0 · References 7 · Affected Software 1
NVD
added 2016/10/10 4:59 p.m. · 15 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

CVSS 6.1 · AI score 6.3 · EPSS 0.00985
Exploits 0 · References 7
UbuntuCve
added 2016/10/10 4:59 p.m. · 40 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

CVSS 6.1 · AI score 6.9 · EPSS 0.00985
Exploits 0 · References 2
Prion
added 2016/05/13 2:59 p.m. · 19 views

Code injection

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data...

CVSS 5 · AI score 7 · EPSS 0.00869
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2016/04/07 9:00 p.m. · 27 views

CVE-2016-2086

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

AI score 7.3 · EPSS 0.00482
Exploits 0 · References 5
Fedora
added 2015/03/13 5:03 p.m. · 38 views

[SECURITY] Fedora 22 Update: compat-libuv010-0.10.34-1.fc22

Compatibility libuv library for nodejs 0.10.x...

CVSS 10 · AI score 2 · EPSS 0.01586
Exploits 0
Prion
added 2014/12/11 11:59 a.m. · 21 views

Design/Logic Flaw

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...

CVSS 10 · AI score 8 · EPSS 0.42574
Exploits 1 · References 4 · Affected Software 1
OSV
added 2014/12/11 11:59 a.m. · 0 views

UBUNTU-CVE-2014-7192

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...

CVSS 10 · AI score 6.2 · EPSS 0.42574
Exploits 1 · References 2
Cvelist
added 2014/12/11 11:00 a.m. · 25 views

CVE-2014-7192

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...

AI score 7.5 · EPSS 0.42574
Exploits 1 · References 4
NVD
added 2014/10/25 10:55 p.m. · 12 views

CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as...

CVSS 6.8 · AI score 7.2 · EPSS 0.0094
Exploits 0 · References 4
UbuntuCve
added 2014/10/25 10:55 p.m. · 19 views

CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as...

CVSS 6.8 · AI score 6.2 · EPSS 0.0094
Exploits 0 · References 1
Debian CVE
added 2014/10/25 10:00 p.m. · 14 views

CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as...

CVSS 6.8 · AI score 7.1 · EPSS 0.0094
Exploits 0
NVD
added 2008/01/16 12:00 a.m. · 8 views

CVE-2008-0285

ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference...

CVSS 5 · AI score 6.4 · EPSS 0.01238
Exploits 1 · References 7
Prion
added 2006/04/25 12:50 p.m. · 11 views

Buffer overflow

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code...

CVSS 5 · AI score 8 · EPSS 0.02643
Exploits 0 · References 26 · Affected Software 1
Prion
added 2006/04/25 12:50 p.m. · 14 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) via crafted packets to the (1) UMA and (2) BER dissectors...

CVSS 5 · AI score 6.9 · EPSS 0.03891
Exploits 0 · References 25 · Affected Software 1
Positive Technologies
added 2006/04/25 12:00 a.m. · 2 views

PT-2006-2917 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.x up to 0.10.14. Description: The issue involves multiple unspecified vulnerabilities that allow remote attackers to cause a denial of service through crafted packets to the (1) UMA and (2) BER dissectors, potentially leadin...

CVSS 5 · AI score 6.6 · EPSS 0.03891
Exploits 0 · References 26
Positive Technologies
added 2006/04/25 12:00 a.m. · 1 views

PT-2006-2918 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.x up to 0.10.14. Description: The issue is related to multiple buffer overflows that can be triggered remotely, potentially allowing attackers to cause a denial of service (crash) and possibly execute arbitrary code. This ...

CVSS 5 · AI score 7.2 · EPSS 0.02643
Exploits 0 · References 27