208 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-15897

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified...

CVSS 4.3 · AI score 6.7 · EPSS 0.00642
Exploits 0 · References 2
Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-23103 · Git +1 · Espeak-Ng

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software suffers from a stack-buffer-overflow read issue. The crash state involves utf8 in2, MatchRule, and TranslateRules. Recommendations: At the moment...

AI score 6.8
Exploits 0 · References 2
Vulnrichment
added 2025/01/21 1:40 p.m. · 5 views

CVE-2024-56277 WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability

Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker. This issue affects Poll Maker: from n/a through 5.5.5...

CVSS 5.3 · AI score 7.2 · EPSS 0.00248
Exploits 0 · References 1
Tenable Nessus
added 2024/12/13 12:0 a.m. · 11 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50194)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50194 advisory. - In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Fix uprobes for big-...

CVSS 5.5 · AI score 6.3 · EPSS 0.00021
Exploits 0 · References 2
CVE
added 2024/12/12 12:3 p.m. · 656 views

CVE-2024-8179

CVE-2024-8179 affects GitLab CE/EE, specifically versions 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. The issue is caused by improper output encoding that can lead to cross-site scripting (XSS) if CSP is not enabled. The vulnerability is scoped to the web page generation path ...

CVSS 5.4 · AI score 5.1 · EPSS 0.00725
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/12/06 5:15 p.m. · 15 views

CVE-2024-48866

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVSS 5.3 · EPSS 0.00646
Exploits 0 · References 1
OSV
added 2024/11/27 12:15 p.m. · 9 views

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1 · AI score 6.6
Exploits 0 · References 2
Tenable Nessus
added 2024/10/09 12:0 a.m. · 44 views

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2505)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...

CVSS 9.8 · AI score 8.2 · EPSS 0.93858
Exploits 2 · References 8
OpenVAS
added 2024/10/09 12:0 a.m. · 41 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2505)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8.4 · EPSS 0.93858
Exploits 2 · References 4
Positive Technologies
added 2024/10/07 12:0 a.m. · 2 views

PT-2024-7174 · Sap · Sap Commerce Backoffice

Name of the Vulnerable Software and Affected Versions: SAP Commerce Backoffice affected versions not specified Description: The issue is related to the lack of proper encoding of user-controlled inputs in the SAP Commerce Backoffice web application, leading to a Cross-Site Scripting (XSS)...

CVSS 5.5 · AI score 5.9 · EPSS 0.00614
Exploits 0 · References 9
OSV
added 2024/10/02 12:13 a.m. · 5 views

OSV-2024-1164 Use-of-uninitialized-value in format_message

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=369652826 Crash type: Use-of-uninitialized-value Crash state: format_message ultrahdr::JpegEncoderHelper::encode ultrahdr::JpegEncoderHelper::compressImage...

AI score 7.2
Exploits 0 · References 1
OpenVAS
added 2024/09/12 12:0 a.m. · 39 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2440)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8.4 · EPSS 0.93858
Exploits 2 · References 4
OSV
added 2024/08/26 9:14 p.m. · 2 views

CLSA-2024-1724706840 httpd: Fix of 8 CVEs

CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a...

CVSS 9.8 · AI score 7.1 · EPSS 0.93858
Exploits 5 · References 1
OSV
added 2024/08/23 11:8 a.m. · 7 views

OESA-2024-2051 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests...

CVSS 8.1 · AI score 7 · EPSS 0.88537
Exploits 1 · References 2
OSV
added 2024/08/22 3:5 p.m. · 32 views

SUSE-SU-2024:2999-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite bsc1227278 - CVE-2024-38473: Fixed encoding problem in mod_proxy bsc1227276...

CVSS 9.8 · AI score 7.6 · EPSS 0.88537
Exploits 1 · References 5
RedHat Linux
added 2024/08/13 1:6 p.m. · 1 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVSS 9.8 · AI score 7.1 · EPSS 0.01022
Exploits 0 · References 5
RedHat Linux
added 2024/08/13 1:6 p.m. · 1 views

httpd: Encoding problem in mod_proxy

A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication...

CVSS 8.1 · AI score 7.1 · EPSS 0.88537
Exploits 1 · References 5
UbuntuCve
added 2024/08/08 10:15 a.m. · 13 views

CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

CVSS 7.5 · AI score 5.9 · EPSS 0.00063
Exploits 0 · References 3
Cvelist
added 2024/08/08 10:2 a.m. · 15 views

CVE-2024-6329 Improper Encoding or Escaping of Output in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

CVSS 5.7 · EPSS 0.00063
Exploits 0 · References 2
RedHat Linux
added 2024/07/31 2:59 p.m. · 2 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVSS 9.8 · AI score 7.1 · EPSS 0.01022
Exploits 0 · References 5