
50 matches found

Github Security Blog
added 2021/03/01 8:3 p.m. · 37 views

URIjs Hostname spoofing via backslashes in URL

Impact: If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character as part of the scheme delimiter, e.g. scheme:/\hostname. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

CVSS 7.5 · AI score 7.5 · EPSS 0.02483
Exploits: 1 · References: 6 · Affected Software: 1
CNNVD
added 2021/02/21 12:0 a.m. · 3 views

Netshield NANO OS Command Injection Vulnerability

Netshield NANO is a hardware device from the American company Netshield that provides network protection functionality. The Netshield NANO 25 10.2.18 devices suffer from an operating system command injection vulnerability that stems from the insecure use of system C library function...

CVSS 9 · AI score 7.1 · EPSS 0.04422
Exploits: 0 · References: 4
OSV
added 2020/12/31 12:15 a.m. · 11 views

CVE-2020-26291

URI.js is a JavaScript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 4
OSV
added 2018/05/21 5:29 p.m. · 2 views

UBUNTU-CVE-2018-1067

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input ...

CVSS 6.1 · AI score 6.7 · EPSS 0.01756
Exploits: 0 · References: 3
OSV
added 2018/04/24 7:29 p.m. · 0 views

UBUNTU-CVE-2017-12099

An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

CVSS 8.8 · AI score 7.7 · EPSS 0.0208
Exploits: 1 · References: 4
OSV
added 2018/04/24 7:29 p.m. · 0 views

UBUNTU-CVE-2017-12102

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application...

CVSS 8.8 · AI score 7.7 · EPSS 0.01824
Exploits: 1 · References: 4
OSV
added 2018/04/24 7:29 p.m. · 0 views

UBUNTU-CVE-2017-12104

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An...

CVSS 8.8 · AI score 7.7 · EPSS 0.01861
Exploits: 1 · References: 4
Positive Technologies
added 2018/04/24 12:0 a.m. · 4 views

PT-2018-3106 · Blender Foundation +1 · Blender +1

Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow...

CVSS 10 · AI score 8.6 · EPSS 0.0265
Exploits: 21 · References: 86
n0where
added 2016/02/03 8:0 p.m. · 16 views

Fast and Full Featured SSL Scanner: SSLyze

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. SSLyze is all Python code but it uses an OpenSSL wrapper...

Exploits: 0 · References: 2
exploitpack
added 2001/04/26 12:0 a.m. · 12 views

IRIX 5.36.x - netprint Arbitrary Shared Library Usage

IRIX 5.36.x - netprint Arbitrary Shared Library Usage // source: https://www.securityfocus.com/bid/2656/info The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default. At the command line, 'netprint'...

AI score 0.3
Exploits: 0