CVE-2026-23888

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: 1 Malicious ZIP entries containing ../ or absolute paths that...

EUVD-2016-5968

Malware in sbrugna...

SUSE CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

CVE-2019-7692

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder...

CVE-2019-7692

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder...

CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

DEBIAN-CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

Command injection

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

UBUNTU-CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

CVE-2016-5009

The handlecommand function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service segmentation fault and ceph monitor crash via an 1 empty or 2 crafted prefix...

Red Hat Ceph Storage Denial of Service Vulnerability

Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat USA. A denial of service vulnerability exists in the 'handlecommand' function in Red Hat Ceph Storage. An attacker can exploit this vulnerability by sending a specially crafted prefix to cause a deni...

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service peering reset via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...

Code injection

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service peering reset via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service peering reset via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service peering reset via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...

PT-2010-4507 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR versions 3.4.0 through 3.9.1 Description: The issue arises when Cisco IOS XR does not properly handle unrecognized transitive attributes in BGP, allowing remote attackers to cause a denial of service peering reset via a crafted...

CVE-2007-1860

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

CVE-2007-1860

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...