41 matches found
EUVD-2003-0017
Malware in sbrugna...
EUVD-2025-1802
Malicious code in bioql PyPI...
CLSA-2025-1751133361 open-vm-tools: Fix of CVE-2025-22247
CVE-2025-22247: prevent usage of illegal characters in user names and file paths...
Mobile Security Framework Security Vulnerability
Mobile Security Framework (MobSF) is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...
CVE-2025-0638 Routinator crashes when illegal characters are present in manifest file names
The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator...
CVE-2025-0638
The CVE-2025-0638 issue affects Routinator (RPKI validation/RPKI) where the manifest file name parsing allowed non-ASCII characters and could panic, crashing the application. The Fedora advisories and OpenVAS/Nessus entries reference a fix implemented in Routinator 0.14.1-2.fc40 (and correspondin...
PT-2025-3993 · Unknown · Routinator
Name of the Vulnerable Software and Affected Versions: Routinator, affected versions not specified. Description: The issue arises from the initial code parsing the manifest not checking the content of file names, while later code assumes this check has been performed. When encountering illegal...
CVE-2024-23914
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MCOpenAssociation function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception...
PT-2024-20171 · Merge · Merge Dicom Toolkit C/C++
Name of the Vulnerable Software and Affected Versions: Merge DICOM Toolkit C/C++ versions ≤5.17.0. Description: The issue is related to the use of an externally-controlled format string vulnerability in the Merge DICOM Toolkit C/C++ on Windows. When the MCOpenAssociation function is used to open...
Merative Merge DICOM Toolkit Security Vulnerability
The Merative Merge DICOM Toolkit is a comprehensive API from Merative that complies with the latest DICOM standards. A security vulnerability exists in Merative Merge DICOM Toolkit C/C++ versions v5.6.0 through v5.17.0, which stems from an unhandled exception that can be caused when using the...
CVE-2024-25155
In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...
CVE-2024-25155 Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier
In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...
Cross-site Scripting (XSS)
actionpack is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the redirect_to function of redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the...
Helm Plugin Validation Vulnerability
helm is a Kubernetes package manager. A security vulnerability exists in Helm versions prior to 2.16.11 and 3.3.2, which stems from a failure to properly clean up plugin names and can be exploited by an attacker to use illegal characters in plugin names...
CVE-2020-4548
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID:...
Input validation
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID:...
IBM Content Navigator Input Validation Error Vulnerability (CNVD-2020-47545)
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. An input validation error vulnerability exists in IBM Content Navigator version 3.0CD. An attacker can exploit this vulnerability to bypass the...
CVE-2020-4282
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205...
Security Bulletin: Insufficient command validation in IBM Security Information Queue (CVE-2020-4282)
Summary: IBM Security Information Queue (ISIQ) does not implement encoding or escaping of command requests that originate in the web UI. For example, it would be possible to intercept a product configuration request, and replace the product name with illegal characters. As of v1.0.6, ISIQ performs...