Lucene search

18 matches found

GitHub Security Blog
added 2025/10/10 3:31 p.m. | 11 views

Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

CVSS 6.5 | AI score 6.9 | EPSS 0.00209
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2025/10/10 2:15 p.m. | 4 views

CVE-2025-60868

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

CVSS 6.5 | EPSS 0.00209
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/10 12:0 a.m. | 4 views

PT-2025-41562

Name of the Vulnerable Software and Affected Versions Statamic Alt Redirect version 1.6.3 Description The Alt Redirect 1.6.3 addon for Statamic does not consistently remove query string parameters when the "Query String Strip" feature is enabled. Variations in case, encoded keys, and duplicate...

CVSS 6.5 | AI score 6.4 | EPSS 0.00209
Exploits: 0 | References: 7
GitLab Advisory Database
added 2025/10/10 12:0 a.m. | 8 views

Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

CVSS 6.5 | AI score 6.9 | EPSS 0.00209
Exploits: 0 | References: 7 | Affected Software: 1
SUSE CVE
added 2023/12/20 2:6 a.m. | 2 views

SUSE CVE-2023-50981

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...

CVSS 5.3 | AI score 6.7 | EPSS 0.00762
Exploits: 1 | References: 4
Veracode
added 2023/11/27 7:58 a.m. | 20 views

Denial Of Service (DoS)

org.bouncycastle: bcprov is vulnerable to Denial of Service (DoS). The vulnerability arises from certificate parsing in the PEMParser class, which is responsible for parsing X.509 certificates, encoded keys and PKCS7 objects. The parser can throw an OutOfMemoryError while parsing crafted...

CVSS 5.5 | AI score 7 | EPSS 0.00932
Exploits: 1 | References: 5 | Affected Software: 2
CNVD
added 2020/12/15 12:0 a.m. | 3 views

SAP Netweaver AS JAVA Information Disclosure Vulnerability (CNVD-2021-03706)

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver AS JAVA Key Storage Service versions 7.10, 7.11,...

CVSS 5.4 | AI score 6.1 | EPSS 0.00167
Exploits: 0 | References: 1
CNNVD
added 2020/12/08 12:0 a.m. | 3 views

SAP AS JAVA Security Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver AS JAVA Key Storage Service versions 7.10, 7.11,...

CVSS 5.4 | AI score 6.4 | EPSS 0.00167
Exploits: 0 | References: 4
RedhatCVE
added 2017/08/25 8:48 a.m. | 34 views

CVE-2017-11424

In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

CVSS 7.5 | AI score 3.7 | EPSS 0.01804
Exploits: 0 | References: 1
NVD
added 2017/08/24 4:29 p.m. | 17 views

CVE-2017-11424

In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

CVSS 7.5 | AI score 7.3 | EPSS 0.01804
Exploits: 0 | References: 2
RedHat Linux
added 2016/04/25 12:14 p.m. | 2 views

nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)

A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause th...

CVSS 8.8 | AI score 7.7 | EPSS 0.02171
Exploits: 0 | References: 5
RedHat Linux
added 2016/04/25 11:57 a.m. | 35 views

Moderate: Red Hat Security Advisory: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update

An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 8.8 | AI score 7.5 | EPSS 0.02386
Exploits: 0 | References: 6
OpenVAS
added 2016/04/11 12:0 a.m. | 30 views

CentOS Update for nss-util CESA-2016:0591 centos6

Check the version of nss-util. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882447");...

CVSS 8.8 | AI score 7.7 | EPSS 0.02386
Exploits: 0 | References: 2
CNVD
added 2016/03/13 12:0 a.m. | 1 views

Mozilla Network Security Services Memory Misreference Vulnerability

Firefox is an open source web browser. A memory misreference vulnerability in the handling of DER-encoded keys by Mozilla Network Security Services allows remote attackers to exploit the vulnerability to construct a malicious web page that can be tricked into parsing by a user, which can crash th...

CVSS 8.8 | AI score 9.2 | EPSS 0.04192
Exploits: 0 | References: 1
Mageia
added 2016/03/09 10:57 p.m. | 56 views

Updated firefox packages fix security vulnerabilities

Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...

CVSS 10 | AI score 8.7 | EPSS 0.31046
Exploits: 9 | References: 20
Tenable Nessus
added 2016/03/09 12:0 a.m. | 28 views

FreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)

Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially crafted certificate which, when parsed by NSS, would cause it to cras...

CVSS 8.8 | AI score 8.8 | EPSS 0.04192
Exploits: 0 | References: 7
Mozilla
added 2016/03/08 12:0 a.m. | 45 views

Use-after-free during processing of DER encoded keys in NSS — Mozilla

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed ...

CVSS 8.8 | AI score 1.8 | EPSS 0.02171
Exploits: 0 | References: 2 | Affected Software: 4
FreeBSD
added 2016/03/08 12:0 a.m. | 48 views

NSS -- multiple vulnerabilities

Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...

AI score 2.6
Exploits: 0 | References: 4