CLSA-2026-1778175425 curl: Fix of 2 CVEs

CVE-2016-8624: invalid URL parsing with '' - CVE-2016-8623: use-after-free via shared cookies...

EUVD-2025-178600

Malicious code in hash-char-new-alert-sandbox npm...

USN-6530-2 haproxy vulnerability

Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character . A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain pathend rules...

CLSA-2023-1703183930 haproxy: Fix of CVE-2023-45539

CVE-2023-45539: do not accept '' as part of the URI component...

CVE-2019-19342

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wi...

curl: Invalid URL parsing with '#'

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

invalid URL parsing with '#'

curl does not parse the authority component of the URL correctly when the host name part ends with a hash character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed...

CURL-CVE-2016-8624 invalid URL parsing with '#'

curl does not parse the authority component of the URL correctly when the host name part ends with a hash character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed...

The vulnerability of the Firefox browser, which allows a hacker to replace web pages

The vulnerability of Firefox browsers is related to errors in processing the "" character in URI data. Exploiting this vulnerability can allow a remote attacker to replace web pages...

Mozilla Firefox Spoofing Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 43.0, which is caused by the program failing to properly handle the '' character in the data: URI. A remote attacker could...

Firefox < 43 Multiple Vulnerabilities

The version of Firefox installed on the remote Windows host is prior to 43. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues by convinci...

Fedora 21 : knot-1.5.2-1.fc21 (2014-10507)

New upstream release : - CVE-2014-0486: remote crash using crafted DNS message - transfers: do not refuse AXFR answers to IXFR queries - fix storing of hash character '' in zone file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...