61 matches found
CVE-2023-41337
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...
thunderbird: User Interface (UI) Misrepresentation of attachment URL
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...
Insufficient Visual Distinction of Homoglyphs Presented to User
Overview: org.webjars.npm:base-x is a fast base encoding/decoding library for any given alphabet. Affected versions of this package are vulnerable to Insufficient Visual Distinction of Homoglyphs Presented to User through the validation process. An attacker can deceive users into sending funds to an...
CVE-2025-27611 base-x homograph attack allows Unicode lookalike characters to bypass validation.
base-x is a base encoder and decoder for any given alphabet using bitcoin-style leading-zero compression. Versions 4.0.0, 5.0.0, and all versions prior to 3.0.11 are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions...
Mozilla Firefox Focus security vulnerability
Mozilla Firefox Focus is a browser for iOS devices from the Mozilla Foundation, a US organization. A security vulnerability exists in Mozilla Firefox Focus prior to version 138, stemming from the way long URLs are truncated, which could cause users to be misdirected to a different web page...
PT-2025-18320 · Base-X · Base-X
Name of the Vulnerable Software and Affected Versions: base-x versions prior to 3.0.11; base-x version 4.0.0; base-x version 5.0.0. Description: The issue allows attackers to potentially deceive users into sending funds to an unintended address. This is achieved through a problem in the base-x encod...
CVE-2024-50349
A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...
CVE-2024-50349 Git does not sanitize URLs when asking for credentials interactively
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : Git vulnerabilities (USN-7207-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7207-1 advisory. It was discovered that Git incorrectly handled certain URLs when asking for credentials. An attacker could possibly use this issue to...
BIT-GITLAB-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
UBUNTU-CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2024-0231
The CVE-2024-0231 entry documents a resource misdirection vulnerability in GitLab CE/EE: versions 12.0 before 17.0.5, 17.1 before 17.1.3, and 17.2 before 17.2.1 permit an attacker to craft a repository import in a way that misdirects commits. The root cause is a misdirection during repository imp...
PT-2024-5975 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 17.0.4; GitLab CE/EE versions 17.1 through 17.1.2; GitLab CE/EE versions 17.2 through 17.2.0. Description: A resource misdirection vulnerability in GitLab allows an attacker to craft a repository import in such...
Design/Logic Flaw
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...