Lucene search
K

301 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 4:0 a.m.20 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download (CVE-2024-43169)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download CVE-2024-43169. Vulnerability Details CVEID:CVE-2024-43169 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a user to download a malicious file without verifying the...

8.8CVSS7.7AI score0.00177EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

IBM Engineering Requirements Management DOORS Next Reflected File Download (7184506)

The version of IBM Engineering Requirements Management DOORS Next installed on the remote host is 7.0.2 prior to 7.0.2 ifix 33 or 7.0.3 7.0.3 ifix 11 or 7.1.0 7.1.0 ifix 02. It is, therefore, affected by reflected file download vulnerability as referenced in the 7184506 advisory. - IBM Engineerin...

8.8CVSS5.5AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2024/11/29 11:57 a.m.3 views

OESA-2024-2490 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:23 p.m.2 views

OESA-2024-2477 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:23 p.m.2 views

OESA-2024-2476 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:23 p.m.2 views

OESA-2024-2475 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
Debian
Debian
added 2024/09/05 1:57 p.m.11 views

[SECURITY] [DLA 3877-1] ruby-sinatra security update

Debian LTS Advisory DLA-3877-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof September 05, 2024 https://wiki.debian.org/LTS Package : ruby-sinatra Version : 2.0.8.1-2+deb11u1 CVE ID : CVE-2022-29970 CVE-2022-45442 Debian Bug : 1014717 1070953 Sinatra is an op...

8.8CVSS6.7AI score0.02059EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/09/05 12:0 a.m.13 views

Debian dla-3877 : ruby-rack-protection - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3877 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3877-1 [email protected]...

8.8CVSS6.9AI score0.02059EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 10:52 a.m.28 views

BIT-DJANGO-2022-36359

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...

8.8CVSS8.5AI score0.00654EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.34 views

Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory. Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cau...

9.6CVSS7.1AI score0.1005EPSS
Exploits6References7
NVD
NVD
added 2023/06/02 5:15 p.m.23 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.8CVSS7.9AI score0.00737EPSS
Exploits0References4
OSV
OSV
added 2023/06/02 5:15 p.m.6 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.8CVSS7.9AI score
Exploits0References4
Prion
Prion
added 2023/06/02 5:15 p.m.35 views

Design/Logic Flaw

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

6.8CVSS7.8AI score0.00737EPSS
Exploits0References4Affected Software4
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.6 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

7.9AI score0.00737EPSS
Exploits0References4
CVE
CVE
added 2023/06/02 12:0 a.m.225 views

CVE-2023-29539

Concrete details found: CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects Firefox family and Thunderbird; root cause is NULL character in filename causing truncation and potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...

8.8CVSS7.9AI score0.00737EPSS
Exploits0References4Affected Software4
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.22 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.2AI score0.00737EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/06/02 12:0 a.m.25 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.8CVSS8.2AI score0.00737EPSS
Exploits0
Veracode
Veracode
added 2023/05/17 4:33 a.m.36 views

Reflected File Download

github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...

4.3CVSS6.7AI score0.00482EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2023/04/26 3:29 p.m.37 views

RLSA-2023:1809 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

8.8CVSS8.8AI score0.01185EPSS
Exploits0References13
Rockylinux
Rockylinux
added 2023/04/26 3:29 p.m.33 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

8.8CVSS8.9AI score0.01185EPSS
Exploits0
Rows per page
Query Builder