PT-2026-38390

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description NodeVM's builtin allowlist can be bypassed when the module builtin is allowed, including when the wildcard is used. The module builtin exposes Node's Module. load function, which loads any module by nam...

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2635)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: curl

Issue Overview: Integer overflow vulnerability in tooloperate.c in curl 7.65.2 via crafted value as the retry delay. CVE-2020-19909 libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before i...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

Medium: curl

Issue Overview: libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw risks inserting sensitive heap-based data into t...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3771 advisory. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

AZL-38032 CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

Input validation

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...