SUSE CVE-2016-0973
Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before...
Design/Logic Flaw
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427...
CVE-2022-43864 IBM Business Automation Workflow information disclosure
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427...
Cross-site Scripting (XSS)
nuxt is vulnerable to cross-site scripting (XSS) attacks. The library unsafely renders the stack trace within errors, which allows an attacker to inject and execute malicious JavaScript via a specifically crafted URL request...
CVE-2021-27759
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application...
GHSA-X445-MMPW-7R4F Apache Tomcat Allows Source Disclosure
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0)...
CVE-2020-21574
Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function...
[ASA-202110-5] nodejs-lts-fermium: multiple issues
Arch Linux Security Advisory ASA-202110-5; Severity: High; Date: 2021-10-21; CVE-ID: CVE-2021-22939 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960; Package: nodejs-lts-fermium; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-2284...
[ASA-202110-4] nodejs: url request injection
Arch Linux Security Advisory ASA-202110-4; Severity: Medium; Date: 2021-10-21; CVE-ID: CVE-2021-22959 CVE-2021-22960; Package: nodejs; Type: url request injection; Remote: Yes; Link: https://security.archlinux.org/AVG-2460; Summary: The package nodej...
[ASA-202107-28] varnish: url request injection
Arch Linux Security Advisory ASA-202107-28; Severity: Medium; Date: 2021-07-14; CVE-ID: CVE-2021-36740; Package: varnish; Type: url request injection; Remote: Yes; Link: https://security.archlinux.org/AVG-2154; Summary: The package varnish before...
[ASA-202106-42] go: multiple issues
Arch Linux Security Advisory ASA-202106-42; Severity: Medium; Date: 2021-06-15; CVE-ID: CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198; Package: go; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-2006; Summary...
Code injection
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435...
[ASA-202105-3] ceph: multiple issues
Arch Linux Security Advisory ASA-202105-3; Severity: High; Date: 2021-05-19; CVE-ID: CVE-2021-3509 CVE-2021-3524 CVE-2021-3531 CVE-2021-20288; Package: ceph; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-1826; Summary...
[ASA-202102-28] python-django: url request injection
Arch Linux Security Advisory ASA-202102-28; Severity: Medium; Date: 2021-02-20; CVE-ID: CVE-2021-23336; Package: python-django; Type: url request injection; Remote: Yes; Link: https://security.archlinux.org/AVG-1593; Summary: The package python-djan...
CVE-2021-20354
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883...
[ASA-202101-16] nodejs: multiple issues
Arch Linux Security Advisory ASA-202101-16; Severity: High; Date: 2021-01-12; CVE-ID: CVE-2020-8265 CVE-2020-8287; Package: nodejs; Type: multiple issues; Remote: No; Link: https://security.archlinux.org/AVG-1400; Summary: The package nodejs before...
[ASA-202101-15] nodejs-lts-fermium: multiple issues
Arch Linux Security Advisory ASA-202101-15; Severity: High; Date: 2021-01-12; CVE-ID: CVE-2020-8265 CVE-2020-8287; Package: nodejs-lts-fermium; Type: multiple issues; Remote: No; Link: https://security.archlinux.org/AVG-1401; Summary: The package...
[ASA-202101-14] nodejs-lts-erbium: multiple issues
Arch Linux Security Advisory ASA-202101-14; Severity: High; Date: 2021-01-12; CVE-ID: CVE-2020-8265 CVE-2020-8287; Package: nodejs-lts-erbium; Type: multiple issues; Remote: No; Link: https://security.archlinux.org/AVG-1402; Summary: The package...
CVE-2020-4782
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...