CLSA-2026-1774526052 Fix CVE(s): CVE-2026-28417, CVE-2026-28421
SECURITY UPDATE: Crash when recovering a corrupted swap file - debian/patches/CVE-2026-28421.patch: add bounds checks in swap file recovery to prevent heap-buffer-overflow and SEGV from crafted swap files - CVE-2026-28421 SECURITY UPDATE: Command injection via crafted netrw URIs -...
CVE-2026-1002
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response. Mitigation To mitigate this...
MiracleLinux 4 : apr-1.3.9-3.2.0.2.AXS4 (AXSA:2011-669:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-669:02 advisory. The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines, forming a system portability layer to as many...
SUSE CVE-2022-34037
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an...
SUSE CVE-2023-23608
Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an...
jetty: crafted URIs allow bypassing security constraints
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...
GHSA-C7FH-CHF7-JR5X ReDOS in Vfsjfilechooser2
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 which occurs when the application attempts to validate crafted URIs...
SUSE SLED15 / SLES15 Security Update : jetty-minimal (SUSE-SU-2021:2838-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2838-1 advisory. - For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the...
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...
CVE-2021-29061
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs...
Denial of service
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs...
ZmartZone 'mod_auth_openidc' Module Open Redirection Vulnerability
Description: ZmartZone mod_auth_openidc Module is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this...
Typora 0.9.9.24.6 - Directory Traversal
Typora 0.9.9.24.6 - Directory Traversal Exploit Title: Code execution via path traversal Date: 17-05-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137...
Kallithea /_admin/my_account Admin account password manipulation vulnerability
Kallithea is a free source code management system. Kallithea suffers from a security vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions, such as changing a user's password, in the context of the target user...
Websense TRITON AP-EMAIL Clickjacking Vulnerability
Websense TRITON is a unified content architecture to protect data security. A clickjacking vulnerability exists in Websense TRITON AP-EMAIL, which allows attackers to construct malicious URIs, trick users into parsing them, and spoof user communications...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...
CVE-2014-8600
Removed by vendor...
GLSA-200809-01 : yelp: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200809-01 (yelp: User-assisted execution of arbitrary code). Aaron Grattafiori reported a format string vulnerability in the window_error function in yelp-window.c. Impact: A remote attacker can entice a user to open specially crafte...
USN-245-1: KDE library vulnerability
Maksim Orlovich discovered that kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking a user into visiting a web site with malicious...