32 matches found
CVE-2026-7259
A flaw was found in PHP. When an attacker input can influence the encoding passed to mbregexencoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...
vim security update
8.0.1763-22.0.1 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-22 - RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim...
vim security update
8.0.1763-21.0.1 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-21 - RHEL-112003 CVE-2025-53905 vim: Vim path traversial - RHEL-112007 CVE-2025-53906 vim: Vim path traversal 2:8.0.1763-20 - fix issue...
EUVD-2014-2988
Malware in sbrugna...
EUVD-2004-1762
Malware in sbrugna...
GHSA-HXF5-99XG-86HW cap-std doesn't fully sandbox all the Windows device filenames
Impact cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so o...
SUSE-SU-2024:3844-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
SUSE-SU-2024:3843-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
SUSE-SU-2024:3082-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request bsc1225512 - CVE-2024-5953: Fixed a denial of service caused by malformed userPassword hashes bsc1226277 - CVE-2024-2199: Fixe...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2024:2910-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2910-1 advisory. Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request bsc1225512 ...
vim security update
8.0.1763-19.0.1.4 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-19.4 - fix issue reported by covscan 2:8.0.1763-19.3 - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in...
postaisde.pt XSS vulnerability
Open Bug Bounty ID: OBB-637343 Description| Value ---|--- Affected Website:| postaisde.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
elseptimoarte.net XSS vulnerability
Open Bug Bounty ID: OBB-611902 Description| Value ---|--- Affected Website:| elseptimoarte.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
codes.iarc.fr XSS vulnerability
Open Bug Bounty ID: OBB-579540 Description| Value ---|--- Affected Website:| codes.iarc.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
entresaoneetsalon.fr XSS vulnerability
Open Bug Bounty ID: OBB-567289 Description| Value ---|--- Affected Website:| entresaoneetsalon.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2014-2966
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...
Design/Logic Flaw
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...
CVE-2014-2966
CVE-2014-2966 affects Resin Pro before 4.0.40. The ISO-8859-1 encoder does not perform Unicode transformations correctly, allowing crafted characters to bypass restrictions and the XSS protection mechanism in HTTP responses. The primary affected component is Resin Pro’s ISO-8859-1 output handling...
CVE-2014-2966
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...