
5 matches found

OSV
added 2017/07/13 3:29 a.m., 2 views

DEBIAN-CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

CVSS 8.8, AI score 6.8, EPSS 0.02345
Exploits: 0, References: 1
OSV
added 2017/01/15 2:59 a.m., 0 views

DEBIAN-CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...

CVSS 5.3, AI score 7, EPSS 0.03224
Exploits: 0, References: 1
OSV
added 2017/01/15 2:59 a.m., 2 views

UBUNTU-CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...

CVSS 5.3, AI score 6.8, EPSS 0.03224
Exploits: 0, References: 8
curl security advisories
added 2016/12/21 8:0 a.m., 9 views

Win CE Schannel cert wildcard matches too much

curl's TLS server certificate checks are flawed on Windows CE. This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name as returned by the Windows API function CertGetNameString to the hostname used to make the connection to the server. The...

CVSS 8.1, AI score 7.7, EPSS 0.013
Exploits: 0, Affected Software: 2
Positive Technologies
added 2016/11/05 12:0 a.m., 18 views

PT-2026-42782

Name of the Vulnerable Software and Affected Versions: idna (affected versions not specified). Description: The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode("xn--example-.com") returns "example.com" instead of an...

CVSS 9.8, AI score 5.8, EPSS 0.00478
Exploits: 0