CVE-2022-32265

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...

Design/Logic Flaw

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...

CVE-2022-32265

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...

CVE-2022-32265

CVE-2022-32265 affects the qDecoder library prior to version 12.1.0. The root cause is improper URL decoding where a percent character may not be followed by two hex digits, leading to input validation gaps. Affected component: qDecoder (C/C++ CGI library). Impact is described as input validation...

The vulnerability in the implementation of the OPENSSL_LHflush() function in the OpenSSL library allows a attacker to cause a service failure.

The vulnerability of the OPENSSLLHflush function implementation in the OpenSSL library is related to the repeated use of memory during the flushing of the hash table when decoding certificates or keys. Exploiting this vulnerability could allow a malicious actor to cause service failures...

AZL-9909 CVE-2022-27780 affecting package curl for versions less than 7.83.1-1

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

PYSEC-2022-202

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms

Exploit for CVE-2020-5844 Pandora FMS v7.0NG.742 - Remote Co...

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit b4e79bfa.

...

Crash when decoding malformed HTTP requests or malformed JSON payload

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...

Denial of service in Apache Mesos

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster...

GHSA-X869-784M-JMJ2 Denial of service in Apache Mesos

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster...

Puppet Improper Access Control

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

GHSA-PQJ5-7R86-64FV Puppet Improper Access Control

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via an assertion failure in the stbijpeghuffdecode function, due to a crafted JPEG file. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...

Updated python-rencode packages fix security vulnerability

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory. CVE-2021-40839...

curl 代码问题漏洞

curl is a tool used to transfer data from or to a server. A code issue vulnerability exists in curl, which arises from the URL parser incorrectly accepting percentage-encoded URL separators when decoding the hostname portion of a URL...

Silicon Graphics LibTIFF 缓冲区错误漏洞

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains some command line tools for working with TIFF files. A security vulnerability exists in Silicon Graphics LibTIFF. An attacker could use this...

[SECURITY] Fedora 36 Update: golang-github-francoispqt-gojay-1.2.13-6.fc36

GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

USU Oracle Optimization Command Injection Vulnerability

USU Oracle Optimization is used to improve the performance of Oracle queries. command injection vulnerability exists in versions of USU Oracle Optimization prior to 5.17.5. The vulnerability stems from the fact that some common OS commands are blocked, but OS commands for base64 decoding are not...