119 matches found
CVE-2009-20008
CVE-2009-20008 concerns Green Dam Youth Escort 3.17, vulnerable to a stack-based buffer overflow in the URL filtering component when processing excessively long URLs. The flaw arises from insufficient input length validation before copying data into a fixed-size buffer, enabling a remote attacker...
CVE-2009-20008 Green Dam 3.17 URL Processing Buffer Overflow
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can...
WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 5.4), relates to a case of...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
SUSE-SU-2025:20455-1 Security update for python-requests
This update for python-requests fixes the following issues: - CVE-2024-47081: Fixed incorrect URL processing leading to .netrc credential leak (bsc#1244039)...
Security update for python-requests
This update for python-requests fixes the following issues: CVE-2024-47081: Fixed incorrect URL processing leading to .netrc credential leak (bsc#1244039). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
The vulnerability in the built-in boa web server (/boafrm/formSysLog) of the TOTOLINK A702R router's firmware allows an intruder to cause a denial of service.
The vulnerability in the built-in boa web server (/boafrm/formSysLog) of the TOTOLINK A702R router's firmware is caused by an operation that exceeds buffer bounds in memory while processing the submit-url parameter. Exploiting this vulnerability allows a malicious actor ...
The vulnerability in the built-in boa web server (/boafrm/formDosCfg) of the TOTOLINK X15 router's firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the built-in boa web server (/boafrm/formDosCfg) of the TOTOLINK X15 router's firmware is caused by copying into a buffer without checking the size of the input data while processing the submit-url parameter. Exploiting this vulnerability allows a remote...
Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data due to incorrect URL processing. An attacker could craft a malicious URL that, when processed by the library, tricks it into sending the victim's .netrc credentials to a server controlle...
CVE-2025-2776
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
Azure Linux 3.0 Security Update: ceph (CVE-2022-3854)
The version of ceph installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3854 advisory. - A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL...
CVE-2024-11736 Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
CVE-2024-11736
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
CVE-2024-46898
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...
PT-2024-38611 · Webroot · Webroot Secureanywhere - Web Shield
Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere - Web Shield versions prior to 2.1.2.3. Description: The issue is related to an Improper Check for Unusual or Exceptional Conditions vulnerability in the wrURL.Dll modules of Webroot SecureAnywhere - Web Shield, allowing...
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to unexpected behavior where requests for path-relative URLs are processed as protocol-relative URLs...
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs...
CBL Mariner 2.0 Security Update: ceph (CVE-2022-3854)
The version of ceph installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3854 advisory. - A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL...
TeamViewer's remote control software for macOS has vulnerabilities related to incorrect URL handling, which allow attackers to escalate their privileges or cause a denial of service.
The vulnerability in TeamViewer's remote control software for macOS is related to errors in URL processing. Exploiting this vulnerability can allow attackers to gain elevated privileges or cause service interruptions...