Lucene search
+L

36 matches found

OSV
OSV
added 2025/01/14 4:32 p.m.9 views

GHSA-J2JG-FQ62-7C3H Gradio Blocked Path ACL Bypass Vulnerability

Summary Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windo...

9.1CVSS5.4AI score0.0085EPSS
Exploits1References6
NVD
NVD
added 2024/12/06 9:15 p.m.39 views

CVE-2024-12326

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

6.1CVSS0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.5 views

Jirafeau 跨站脚本漏洞

Jirafeau is a simple method of uploading files by the individual developer Jérôme Jutteau. Jirafeau suffers from a cross-site scripting vulnerability that stems from case-insensitive MIME type checking of SVG files, which allows bypassing browser preview restrictions by modifying the case of...

6.1CVSS5.9AI score0.00566EPSS
Exploits0References2
OSV
OSV
added 2023/12/28 9:16 p.m.76 views

GHSA-WPMX-564X-H2MH ewen-lbh/ffcss Late-Unicode normalization vulnerability

Summary The function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex - .. go ...

5.3CVSS5.3AI score0.00522EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/09/21 12:25 p.m.5 views

curl: Bad connection reuse due to flawed path name checks

A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality...

4.3CVSS7.1AI score0.0627EPSS
Exploits1References5
OSV
OSV
added 2021/08/05 9:15 p.m.37 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS2.5AI score0.0627EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2021/07/21 12:0 a.m.38 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.6AI score0.0627EPSS
Exploits1References3
Friends Of PHP
Friends Of PHP
added 2018/10/02 12:1 a.m.15 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

1.7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/02 12:1 a.m.13 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

6.1AI score
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.15 views

Microsoft Windows: System objects: Require case insensitivity for non-Windows subsystems

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsocaseinsensitivesubsystems.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System objects: Require case insensitivity for non-Windows subsystems Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...

7.3AI score
Exploits0
Broadcom
Broadcom
added 2017/09/29 12:0 a.m.11 views

BSA-2017-436

Security Advisory ID : BSA-2017-436 Component : Perl Revision : 2.0: Interim Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service crash via a crafted regular expression with the...

7.5CVSS7.2AI score0.06207EPSS
Exploits0
OSV
OSV
added 2017/09/19 12:0 a.m.5 views

UBUNTU-CVE-2017-12837

Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...

7.5CVSS7AI score0.06207EPSS
Exploits0References5
RubySec
RubySec
added 2015/04/13 12:0 a.m.38 views

Ruby OpenSSL Hostname Verification

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching o...

5.9CVSS1.7AI score0.02815EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/11/27 12:0 a.m.37 views

OpenVMS weak passwords

Llimit character set, case insensitivity and fast encryption algorythm allow password bruteforcing...

2.7AI score
Exploits0References1
exploitpack
exploitpack
added 2001/06/10 12:0 a.m.11 views

Apache 1.3.14 - Mac File Protection Bypass

Apache 1.3.14 - Mac File Protection Bypass source: https://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result i...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2001/06/10 12:0 a.m.27 views

Apache 1.3.14 - Mac File Protection Bypass

source: https://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests...

7.4AI score
Exploits0
Rows per page
Query Builder