27 matches found
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
EUVD-2026-32538
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
Interpretation Conflict
Overview org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of invalid or unusual URIs in the parse function on HttpURI.java. An attacke...
EUVD-2006-6800
Malware in sbrugna...
EUVD-2008-0485
Malware in sbrugna...
EUVD-2007-0448
Malware in sbrugna...
EUVD-2003-1149
Malware in sbrugna...
UBUNTU-CVE-2024-50345
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...
SUSE CVE-2007-0017
Multiple format string vulnerabilities in 1 the cdiologhandler function in modules/access/cdda/access.c in the CDDA libcddaplugin plugin, and the 2 cdiologhandler and 3 vcdloghandler functions in modules/access/vcdx/access.c in the VCDX libvcdxplugin plugin, in VideoLAN VLC 0.7.0 through 0.8.6...
SUSE CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...
OPENSUSE-SU-2019:2318-1 Security update for epiphany
This update for epiphany fixes the following issues: - CVE-2018-11396: Fixed a JavaScript crash when an invalid URI is opened boo1094464...
CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...
Apache mod_proxy unauthorized internal network access
Invalid processing for URI with preceeding @ sign...
CVE-2008-3533
Format string vulnerability in the windowerror function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within 1 man or 2 ghelp URI...
Information disclosure
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information Home-Summary via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-0475
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information Home-Summary via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Design/Logic Flaw
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...
CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...