18 matches found

EUVD
added yesterday · 7 views

EUVD-2026-32926

Hono: IP Restriction bypasses static deny rules for non-canonical IPv6...

5.3 CVSS · 5.8 AI score · 0.00098 EPSS
Exploits 0 · References 4

Microsoft CVE
added 2025/10/29 8:3 a.m. · 1 view

nbd: restrict sockets to TCP and UDP

...

5.5 CVSS · 7 AI score · 0.00047 EPSS
Exploits 0

OSV
added 2025/08/08 12:32 p.m. · 1 view

GHSA-G4PX-6QHM-HQJM Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...

8.7 CVSS · 7.5 AI score · 0.0044 EPSS
Exploits 0 · References 6

RedhatCVE
added 2025/05/22 3:11 p.m. · 5 views

CVE-2020-11628

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols CMP, ACME, REST, etc. through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. EJBCA's internal acces...

5.3 CVSS · 7 AI score · 0.00151 EPSS
Exploits 0 · References 1

Hacker One
added 2024/12/18 4:33 a.m. · 481 views

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

Summary: A flaw has been identified in the curl command-line tool related to its protocol selection mechanism. Specifically, the protocol restrictions set by the --proto option can be bypassed, allowing unintended protocols to be used despite explicit restrictions. This flaw can result in plainte...

6.9 AI score
Exploits 0

Positive Technologies
added 2024/05/23 12:0 a.m. · 3 views

PT-2024-40188 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe, affected versions not specified. Description: The issue allows spoofing of HTTP headers, which can lead to various security problems, including bypassing IP restrictions and SSL enforcement. This is due to SilverStripe trusting...

6.5 CVSS · 7.2 AI score
Exploits 0 · References 7

Veracode
added 2024/04/05 8:4 p.m. · 24 views

Logic Error

curl is vulnerable to a logic error. The vulnerability is due to an error in the logic for removing protocols when a protocol selection parameter option disables all protocols without adding any, which allows attackers to potentially bypass protocol restrictions and perform requests with disabled protoco...

3.5 CVSS · 6.2 AI score · 0.0091 EPSS
Exploits 1 · References 14 · Affected Software 1

Positive Technologies
added 2023/10/17 12:0 a.m. · 2 views

PT-2023-6208 · Oracle · Oracle Enterprise Command Center Framework

Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions 8 through 10. Description: The issue is related to insufficient input validation in the UI Components of the Oracle Enterprise Command Center Framework, allowing an unauthenticated attacker...

6.4 CVSS · 5.6 AI score · 0.00106 EPSS
Exploits 0 · References 7

ATTACKERKB
added 2022/06/14 8:15 a.m. · 3 views

CVE-2022-25167

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

9.8 CVSS · 7.8 AI score · 0.05291 EPSS
Exploits 0 · References 4

Positive Technologies
added 2020/01/06 12:0 a.m. · 6 views

PT-2020-8981

Name of the Vulnerable Software and Affected Versions: Modicon M580, affected versions not specified; Modicon M340, affected versions not specified; Modicon Quantum, affected versions not specified; Modicon Premium, affected versions not specified. Description: A vulnerability exists that could cause a...

7.5 CVSS · 7.1 AI score · 0.00389 EPSS
Exploits 0 · References 4

Citrix
added 2018/10/17 12:0 a.m. · 4 views

Cannot connect to vCenter from PVS Console using stronger SCHANNEL Protocols, such as TLS 1.2

When running the XenDesktop Setup Wizard or the Streamed VM Wizard, and connecting to a vCenter Server that has been configured to only accept connections using TLS 1.1 or higher, the PVS Console could present an error stating that the Connection was closed. The error shown will have a text simil...

7.1 AI score
Exploits 0

CVE
added 2018/09/21 3:0 p.m. · 38 views

CVE-2018-11240

CVE-2018-11240 affects SoftCase T-Router build 20112017 devices. The vulnerability is in the T-Router protocol’s exec command feature, which has no restrictions; if the command syntax is correct, it allows code execution on both the other modem and the main servers. This entry is supported by mul...

10 CVSS · 9.5 AI score · 0.00583 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2017/10/16 12:0 a.m. · 2 views

Tiandy IP cameras information disclosure vulnerability

Tiandy IP cameras are webcams from China Tiandy Digital Technology Co. A security vulnerability exists in Tiandy IP cameras version 5.56.17.120, which is caused by the program failing to properly restrict the use of a dedicated protocol. A remote attacker can exploit the vulnerability by sending ...

7.5 CVSS · 7.5 AI score · 0.04438 EPSS
Exploits 3 · References 1

NVD
added 2017/10/05 1:29 a.m. · 17 views

CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

6.5 CVSS · 6.8 AI score · 0.00618 EPSS
Exploits 0 · References 7

OSV
added 2017/10/04 12:0 a.m. · 0 views

UBUNTU-CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

6.5 CVSS · 6.8 AI score · 0.00618 EPSS
Exploits 0 · References 5

Cvelist
added 2016/04/13 3:0 p.m. · 28 views

CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a .gitmodules file ...

9.4 AI score · 0.31254 EPSS
Exploits 0 · References 21

Debian CVE
added 2016/04/13 3:0 p.m. · 27 views

CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a .gitmodules file ...

9.8 CVSS · 9.5 AI score · 0.31254 EPSS
Exploits 0

Debian CVE
added 2012/01/28 2:0 a.m. · 38 views

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in...

4.3 CVSS · 6.6 AI score · 0.33846 EPSS
Exploits 4