
9 matches found

CNNVD
added 2026/05/25 12:0 a.m., 6 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.13.0 to 4.0.1, which stems from a URL decoding of host components by URL normalization functions that could lead to server-side request forgery...

6.9 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 1, References: 5
CNNVD
added 2026/03/06 12:0 a.m., 4 views

Node.js Adapter for Hono security vulnerability

The Node.js Adapter for Hono is an open-source tool developed by Hono, designed to run Hono applications on Node.js. Versions of the Node.js Adapter for Hono prior to 1.19.10 contained a security vulnerability. This vulnerability stemmed from inconsistent URL decoding, which could allow access to...

7.5 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 3
OSV
added 2023/12/21 6:25 p.m., 0 views

GHSA-MPWQ-J3XF-7M5W The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts. The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and...

7.1 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 13
SUSE CVE
added 2023/02/15 4:11 a.m., 1 views

SUSE CVE-2019-12524

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is...

5.8 CVSS, 6.9 AI score, 0.00549 EPSS
Exploits: 0, References: 6
OSV
added 2022/08/05 10:15 p.m., 1 views

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The freshtomato-arm has a vulnerable URL-decoding feature that c...

9.8 CVSS, 6.8 AI score, 0.03958 EPSS
Exploits: 1, References: 1
OSV
added 2022/06/28 3:31 p.m., 2 views

CLSA-2022-1656430292 Fixed CVEs in curl: CVE-2022-27780, CVE-2022-27782, CVE-2022-27781

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2022-27781: add limit of certificates which can be traversed breaking possible infinite loop - CVE-2022-27780: exclude malicious characters from url to prevent incorrect address...

7.5 CVSS, 6.7 AI score, 0.00469 EPSS
Exploits: 3, References: 1
myhack58
added 2014/03/04 12:0 a.m., 835 views

Discuz attachment download permission bypass method-vulnerability warning-the black bar safety net

Ultra vires download contain a“Read permissions”plug-in, download plug-in free snap coin To reproduce the steps of: 1, Using the administrator account, Upload a high reading permissions of the attachment 2, The use of low-privileged user account, download the attachment, this time, Discuz will...

0.2 AI score
Exploits: 0
RedHat Linux
added 2004/04/14 1:58 p.m., 1 views

security flaw

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...

7.5 CVSS, 5.9 AI score, 0.02494 EPSS
Exploits: 1, References: 4
securityvulns
added 2002/11/08 12:0 a.m., 44 views

Exploitable pine heap overflow (Re: Remote pine Denial of Service)

Dear Linus Sjberg, There is a classic and probably exploitable heap overflow in bldaddr.c addrliststring. else char charset = NULL; list = char fsgetsizetestsizeadrlist; list0 = '0'; rfc822writeaddressdecodelist, adrlist, verbose ? NULL : &charset, doquote; ifcharset fsgivevoid &charset; estsize...

7.8 AI score
Exploits: 0