Directory Traversal
ansible is vulnerable to directory traversal. A lack of validation in the fetch module allows copying and overwriting of files outside of the specified destination in the local ansible controller host using the ../ characters...
CVE-2017-3145 Improper fetch cleanup sequencing in the resolver can cause named to crash
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution attacks. A use-after-free can occur in the Fetch API when the worker or the associated window is freed while still in use, resulting in a potentially exploitable crash...
PT-2019-5658 · Helm +1
Name of the Vulnerable Software and Affected Versions: Helm versions 2.0.0 through 2.12.1 Description: The issue is related to a path traversal vulnerability in Helm, where chart archive files can be unpacked outside of the target directory when using the commands helm fetch --untar and helm lint...
CVE-2018-6091
Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Design/Logic Flaw
Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2018-6091
Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2018-6091
CVE-2018-6091 corresponds to a Chrome/Chromium vulnerability where Service Workers incorrectly handle plugins. The connected documentation links this CVE to the Chrome/Chromium 66.0.3359.117 line, with advisories noting affected releases and urging upgrades. Affected product: Google Chrome (Chrom...
CVE-2018-6091
Removed by vendor...
kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...
Security update for pam_pkcs11 (moderate)
This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token bsc1105012 - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes bsc1105012 - Memory not cleaned...
The vulnerability of the Fetch API interface of Microsoft Edge browser allows a perpetrator to disclose protected information.
The vulnerability of the Fetch API interface of Microsoft Edge is related to errors in processing filtered responses. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
CVE-2018-11278
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault...
cyclejs-group (>=0.3.0 <=1.0.0), fetch-rancher-metadata (>=1.0.9 <=1.0.10) +1 more potentially affected by CVE-2018-3753 via merge-object (=1.0.0)
merge-object NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on merge-object and may be impacted: - cyclejs-group =0.3.0, =1.0.9, =1.0.0, =1.0.4 Source cves: CVE-2018-3753 Source advisory: OSV:GHSA-FP82-2H99-3FPP...
Information disclosure
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge...
CVE-2018-8366
CVE-2018-8366 is an information disclosure vulnerability in Microsoft Edge tied to the Fetch API mis-handling a filtered response type. Root cause: Edge Fetch API incorrectly handles certain filtered response types, enabling an attacker to read the URL of a cross-origin request. Affected product/...