16 matches found
Astra Linux - vulnerability in firefox, thunderbird
When a user clicks on an FTP URL containing encoded newline characters %0A and %0D, these newline characters are interpreted as such, allowing arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
EUVD-2017-16467
Malware in sbrugna...
EUVD-2021-10922
Malware in sbrugna...
EUVD-2025-12656
Malicious code in bioql PyPI...
CVE-2025-4086
CVE-2025-4086 affects Thunderbird for Android and Firefox/Thunderbird versions earlier than 138. The issue is triggered by a filename containing a large number of encoded newline characters that can obscure the file extension in the download dialog, potentially misleading users about the downloa...
SUSE CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
SUSE CVE-2021-24002
When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
CVE-2021-24002
CVE-2021-24002 is a vulnerability observed in Firefox before 88 and Thunderbird before 78.10 where clicking an FTP URL containing encoded newline characters (%0A, %0D) could cause the server to interpret newlines and execute arbitrary commands. Affected products include Firefox ESR < 78.10, Fi...
CVE-2021-24002
When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
PT-2020-2069 · Git +5
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.17.4; Git versions prior to 2.18.3; Git versions prior to 2.19.4; Git versions prior to 2.20.3; Git versions prior to 2.21.2; Git versions prior to 2.22.3; Git versions prior to 2.23.2; Git versions prior to 2.24.2; Git versio...
UBUNTU-CVE-2017-7443
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression...
CVE-2017-7443
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression...
Debian Security Advisory DSA 631-1 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory DSA 631-1. OpenVAS Vulnerability Test $Id: deb6311.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 631-1. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...
security flaw
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command...
CVE-2004-1166
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP...
CVE-2002-1575
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline %0a characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message...