67 matches found
CVE-2021-40330
A flaw was found in git where it allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. The highest threat from this vulnerability is to confidentiality...
Design/Logic Flaw
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
UBUNTU-CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
Git 处理逻辑错误漏洞
Git is a free, open source distributed version control system. Git suffers from a Processing Logic Error vulnerability that stems from the fact that gitconnectgit in connect.c in Git prior to version 2.30.1 allows repository paths to contain line breaks, which can lead to unexpected cross-protoco...
CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
CVE-2021-40330
gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
Actix-http 环境问题漏洞
Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...
USN-4966-1: libx11 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests. CVEs contained in th...
USN-4966-2 libx11 vulnerability
USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick...
USN-4966-1: libx11 vulnerability
It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...
USN-4966-1 libx11 vulnerability
It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...
MGASA-2021-0219 Updated libx11 packages fix a security vulnerability
XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...
libX11 -- Arbitrary code execution
The X.org project reports: XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the...
PT-2021-8149 · Git +5 · Git +5
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.30.1 Description: The issue is related to the git connect git function in the connect.c component of the Git distributed version control system. It allows a repository path to contain a newline character, which may...
The vulnerability of the WLS component – the deployment server of Oracle WebLogic Server – allows a perpetrator to modify protected data.
The vulnerability of the WLS component – the deployment of Oracle WebLogic Server applications – is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to remotely gain access to modify, add, or delete protected data through HTTP requests...
SAP HANA Information Disclosure Vulnerability (CNVD-2018-03088)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. An information disclosure vulnerability exists in SAP HANA. A remote attacker can exploit this...
Siemens SIPROTEC Denial of Service (CVE-2015-5374)
A vulnerability exists in Siemens SIPROTEC. This vulnerability, aka Crash Override or Industroyer, is due to the way SIPROTEC handles certain malformed protocol requests. A successful attack can lead to a denial of service...