12 matches found

RedhatCVE
added 2026/05/13 8:23 p.m. | 3 views

CVE-2026-42874

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

CVSS 3.7 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 1

Positive Technologies
added 2026/05/05 12:0 a.m. | 5 views

PT-2026-37286

Name of the Vulnerable Software and Affected Versions: microdot versions prior to 2.6.1. Description: The Response.set_cookie function does not sanitize string arguments, failing to detect the \r\n sequence. This allows for HTTP response splitting and header injection attacks. For this to be exploited,...

CVSS 3.7 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 7

Positive Technologies
added 2026/05/03 12:0 a.m. | 3 views

PT-2026-36730

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication channel...

CVSS 4.9 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 4

RedhatCVE
added 2025/05/23 8:9 a.m. | 3 views

CVE-2024-27947

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client...

CVSS 5.3 | AI score 6.5 | EPSS 0.00412
Exploits 0 | References 1

OSV
added 2024/05/14 4:16 p.m. | 0 views

CVE-2024-27947

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client...

CVSS 5.3 | AI score 5.7
Exploits 0 | References 1

Cvelist
added 2024/05/14 10:2 a.m. | 14 views

CVE-2024-27947

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client...

CVSS 5.3 | AI score 5.2 | EPSS 0.00412
Exploits 0 | References 1

CNNVD
added 2024/05/14 12:0 a.m. | 1 views

Siemens RUGGEDCOM CROSSBOW Information Disclosure Vulnerability

Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from an information disclosure vulnerability due to the fact that an affected system may allow log messages to be forwarded to specific clients under certain...

CVSS 5.3 | AI score 6.1 | EPSS 0.00412
Exploits 0 | References 3

F5 Networks
added 2022/12/31 1:38 a.m. | 4 views

K20105555: F5 SSL Orchestrator may fail to stop an attacker from exfiltrating data on a compromised client system (SNIcat)

Security Advisory Description: An attacker may be able to exfiltrate data from a target system sitting behind F5 SSL Orchestrator by inserting data into the TLS SNI field. This approach assumes that the attacker has already compromised, and is in full control of, the target system to be able to...

CVSS 5.3 | AI score 6.6 | EPSS 0.00821
Exploits 1 | Affected Software 1

Veracode
added 2018/11/01 8:39 a.m. | 31 views

Denial Of Service (DoS)

libglusterfs.so is vulnerable to denial of service (DoS). There are no controls to prevent dumping of files on the server side, which allows a compromised client to create io-stats dumps on the server repeatedly until all available inodes have been exhausted, resulting in a denial of service...

CVSS 6.5 | AI score 7.1 | EPSS 0.02144
Exploits 0 | References 10 | Affected Software 6

OSV
added 2018/06/22 1:29 p.m. | 1 views

UBUNTU-CVE-2017-7466

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the...

CVSS 8 | AI score 7.7 | EPSS 0.02659
Exploits 0 | References 4

PyPA
added 2018/04/24 4:29 p.m. | 5 views

PYSEC-2018-39

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

CVSS 9.3 | AI score 7.8 | EPSS 0.03045
Exploits 5 | References 10 | Affected Software 1

RedHat Linux
added 2017/02/07 11:32 a.m. | 1 views

Ansible: Compromised remote hosts can lead to running commands on the Ansible controller

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server...

CVSS 9.3 | AI score 7.7 | EPSS 0.03045
Exploits 5 | References 4