27 matches found
EUVD-2008-2353
Malware in sbrugna...
EUVD-2010-0531
Malware in sbrugna...
EUVD-2014-0388
Malware in sbrugna...
EUVD-2022-32836
Malicious code in bioql PyPI...
CVE-2010-0500
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service arbitrary client blacklisting via a crafted DNS PTR record, related to a "plist injection issue."...
SUSE CVE-2008-2357
Stack-based buffer overflow in the splitredraw function in split.c in mtr before 0.73, when invoked with the -p aka --split option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the nsnamentop function in...
SUSE CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...
Cross Site Scripting (XSS)
busybox is vulnerable to Cross Site Scripting XSS. The vulnerability exists due to arbitrary code execution which allows an attacker to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal...
CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...
AZL-9311 CVE-2022-28391 affecting package busybox for versions less than 1.35.0-2
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...
AZL-41790 CVE-2022-28391 affecting package busybox for versions less than 1.36.1-3
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...
CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...
PT-2022-3700 · Busybox +2 · Busybox +2
Name of the Vulnerable Software and Affected Versions: BusyBox versions prior to 1.35.0 Description: The issue is related to the lack of input sanitization in the BusyBox command-line utility set, specifically affecting the netstat utility when printing DNS PTR records to a VT-compatible terminal...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
Code injection
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
CVE-2014-0350
The CVE concerns POCO C++ Libraries’ NetSSL X509Certificate::verify in Poco::Net, vulnerable before 1.4.6p4 to MITM via crafted DNS PTRs during server-name wildcard comparison. Affected product: POCO’s NetSSL in POCO C++ Libraries; root cause: weak validation of X.509 CN/SAN matching against wild...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
Design/Logic Flaw
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service arbitrary client blacklisting via a crafted DNS PTR record, related to a "plist injection issue."...