11 matches found
Netfoil has incorrect allowlist enforcement
Summary Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com. Details Off-by-one error in the suffixtrie implementation. Impact The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traff...
CVE-2025-61114
2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...
CVE-2025-61114
2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...
CVE-2025-61114
2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...
VulnCheck KEV: CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589,...
CLSA-2023-1689885005 python2: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix testattributesbadscheme to check for non-ascii symbol as first character of url...
CLSA-2023-1678136626 python: Fix of CVE-2023-24329
CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...
SUSE CVE-2015-4021
The pharparsetarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service integer underflow and memory...
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
PT-2022-15748 · Unknown +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.18 Spring Framework versions 5.2.0 through 5.2.20 Spring Framework older unsupported versions Description: The patterns for disallowedFields on a DataBinder in Spring Framework are case sensitive...
GRUB 2 password bypass
Error in password protection allows to boot system by guessing first character of the password...