28 matches found
CVE-2026-35046
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary...
EUVD-2020-0564
Malware in sbrugna...
EUVD-2018-0180
Malware in sbrugna...
EUVD-2022-49806
Malicious code in bioql PyPI...
GO-2025-3807 Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast...
CVE-2018-20586
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...
Exploit for HTTP Request Smuggling in Sap Content_Server
CVE-2022-22536: HTTP Smuggling Through SAP's Front Door SAP Ne...
CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...
kernel: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
in linux kernel net/sched taprio, TCATAPRIOATTRPRIOMAP is not correctly validated if multiple calls to tapriochange occur. This can allow arbitrary data to be injected to the kernel...
UBUNTU-CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCATAPRIOATTRPRIOMAP If one TCATAPRIOATTRPRIOMAP attribute has been provided, taprioparsemqprioopt must validate it, or userspace can inject arbitrary data to the kernel, the second time...
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient validation of input data. This allows attackers to introduce arbitrary data.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary data into the Incidents Timeline field...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
Windows 10 Input Validation Error Vulnerability
Microsoft Windows 10 is a suite of operating systems for use on personal computers from the American company Microsoft. A security vulnerability exists in Windows 10 driver version 6.1316.1209. An attacker can inject arbitrary data frames independent of the network configuration...
Design/Logic Flaw
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration...
Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Plus (CVE-2020-5023)
Summary IBM Spectrum Protect Plus may be vulnerable to a denial of service attack when arbitrary data injection/parameter fuzzing is performed. Vulnerability Details CVEID: CVE-2020-5023 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote user to inject arbitrary data iwhich could cause t...
Insecure Cryptography
typo3/cms is vulnerable to insecure cryptography. The vulnerability exists because it was possible to generate arbitrary checksums that allows the injection of arbitrary data...