301 matches found
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download (CVE-2024-43169)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download CVE-2024-43169. Vulnerability Details CVEID:CVE-2024-43169 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a user to download a malicious file without verifying the...
IBM Engineering Requirements Management DOORS Next Reflected File Download (7184506)
The version of IBM Engineering Requirements Management DOORS Next installed on the remote host is 7.0.2 prior to 7.0.2 ifix 33 or 7.0.3 7.0.3 ifix 11 or 7.1.0 7.1.0 ifix 02. It is, therefore, affected by reflected file download vulnerability as referenced in the 7184506 advisory. - IBM Engineerin...
OESA-2024-2490 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
OESA-2024-2477 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
OESA-2024-2476 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
OESA-2024-2475 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
[SECURITY] [DLA 3877-1] ruby-sinatra security update
Debian LTS Advisory DLA-3877-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof September 05, 2024 https://wiki.debian.org/LTS Package : ruby-sinatra Version : 2.0.8.1-2+deb11u1 CVE ID : CVE-2022-29970 CVE-2022-45442 Debian Bug : 1014717 1070953 Sinatra is an op...
Debian dla-3877 : ruby-rack-protection - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3877 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3877-1 [email protected]...
BIT-DJANGO-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory. Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cau...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Design/Logic Flaw
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
Concrete details found: CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects Firefox family and Thunderbird; root cause is NULL character in filename causing truncation and potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Reflected File Download
github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...
RLSA-2023:1809 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...