18 matches found
OESA-2026-2679 python-webob security update
WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified behavior of HTTP, including header parsing and accessors for other standard parts of the environment. Security Fixes: Impact When WebOb normalizes the HT...
Astra Linux – Vulnerability in symfony
symfony/validator is a module for the Symphony PHP framework that provides tools for validating values. It’s possible to trick a Validator configured with a regular expression using the $ metacharacter, especially when the input ends with \n. Starting from versions 5.4.43, 6.4.11, and 7.1.4,...
httpd: Fix of 2 CVEs
CVE-2017-15710: modauthnzldap out-of-bounds write when accept-language header value is shorter than two characters - CVE-2017-15715: regex anchor in / can match before an embedded newline, allowing .htaccess bypass of trailing-extension filters...
CVE-2026-30312
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
CVE-2026-30312
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
CVE-2026-30313
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
CVE-2026-30312
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
CVE-2026-30312
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
PT-2026-29121
Name of the Vulnerable Software and Affected Versions DSAI-Cline affected versions not specified Description The command auto-approval module in DSAI-Cline has a critical operating system command injection flaw. The security mechanism, which uses a whitelist, is ineffective because the system...
CVE-2026-30313
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
EUVD-2026-14952
Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...
DEBIAN-CVE-2026-23920
Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...
DEBIAN-CVE-2024-50343
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...
Misinterpretation of Input
Overview Affected versions of this package are vulnerable to Misinterpretation of Input containing a \n. Several validations expect line ending characters to be matched by $, but a malicious user can bypass those validations to cause invalid input to be treated as valid. Remediation Upgrade...
PT-2024-24591 · Phlex · Phlex
Name of the Vulnerable Software and Affected Versions: phlex versions prior to 1.10.1 phlex versions prior to 1.9.2 phlex versions prior to 1.8.3 phlex versions prior to 1.7.2 phlex versions prior to 1.6.3 phlex versions prior to 1.5.3 phlex versions prior to 1.4.2 Description: There is a potenti...
CVE-2023-29542
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...
Design/Logic Flaw
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...
PT-2023-12076 · Unknown · Ingress-Nginx
Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the...