Lucene search
K

274 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.7 views

CVE-2021-32054

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser...

6.1CVSS6.7AI score0.01002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:29 p.m.10 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

9.8CVSS7.3AI score0.16062EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:19 p.m.12 views

CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view URI...

6.1CVSS5.6AI score0.01133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:34 p.m.7 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS6.9AI score0.01342EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 2:1 p.m.5 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.3AI score0.00736EPSS
Exploits0References5
OSV
OSV
added 2025/05/07 12:18 p.m.9 views

USN-7490-3 libsoup3 vulnerabilities

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...

9CVSS7.2AI score0.00847EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2025/05/06 4:3 p.m.6 views

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7.3AI score0.00847EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/06 1:53 p.m.9 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.3AI score0.00736EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/04/22 7:0 a.m.4 views

Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

...

7.5CVSS8.1AI score0.00736EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/04/16 2:35 a.m.7 views

SUSE CVE-2025-32911

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

8.1CVSS7AI score0.00847EPSS
Exploits0References16
OSV
OSV
added 2025/04/14 2:15 p.m.8 views

UBUNTU-CVE-2025-32913

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7AI score0.00736EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.5 views

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup, which stems from a double release issue in the function soupmessageheadersgetcontentdisposition...

9CVSS8.5AI score0.00847EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.6 views

PT-2025-7041 · Unknown · Securedrop Client

Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1 Description: The issue lies in the code responsible for downloading replies in the SecureDrop Client. A malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machin...

8.1CVSS7.3AI score0.00995EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.5 views

Telstra Smart Modem 安全漏洞

Telstra Smart Modem is a smart modem from Telstra. A security vulnerability exists in Telstra Smart Modem Gen 2 20250115 and earlier versions, which stems from the parameter Content-Disposition of the component HTTP Header Handler can lead to injection...

6.9CVSS5.5AI score0.00464EPSS
Exploits0References5
OSV
OSV
added 2024/11/22 2:23 p.m.3 views

OESA-2024-2477 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:23 p.m.4 views

OESA-2024-2476 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:23 p.m.3 views

OESA-2024-2475 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/11/07 3:13 p.m.7 views

firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response

The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...

6.1CVSS7.2AI score0.00572EPSS
Exploits0References9
Veracode
Veracode
added 2024/06/10 6:30 a.m.20 views

Arbitrary File Write

mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper santization within the mlflow.data.httpdatasetsource.py module, when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an attack...

8.8CVSS6.8AI score0.02382EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/06/06 6:19 p.m.98 views

CVE-2024-0520

CVE-2024-0520 affects mlflow/mlflow v8.2.1, enabling remote code execution via command injection in mlflow.data.http_dataset_source.py when loading an HTTP URL dataset. The filename gathered from Content-Disposition or URL path is used to form the final file path without proper sanitization, allo...

10CVSS9.5AI score0.02382EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder