19 matches found
EUVD-2026-31012
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...
CVE-2026-43620
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...
curl: Certificate Hostname Validation Bypass via Leading Dot in Hostname
Summary: A hostname validation bypass in libcurl's wildcard certificate matching. The hostmatch function fails to handle hostnames starting with a dot, causing .example.com to match .example.com. When hostname starts with ., memchr returns position 0, so the entire hostname including the leading d...
Linux Distros Unpatched Vulnerability : CVE-2021-22881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in...
SUSE CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
actionpack Open Redirect in Host Authorization Middleware
Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files...
GHSA-QPHC-HF5Q-V8FC actionpack Open Redirect in Host Authorization Middleware
Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files...
Open Redirect in ActionPack
Overview: There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: >= 6.0.0. Not affected: < 6.0.0. Fixed Versions: 6.1.4.1, 6.0.4.1. Impact: Specially crafted...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: >= 6.0.0. Not affected: < 6.0.0. Fixed Versions: 6.1.4.1, 6.0.4.1. Impact: Specially crafted...
Open Redirect
rails:sid is vulnerable to open redirect. The Host Authorization middleware is vulnerable because it allows specially crafted Host headers in combination with certain "allowed host" formats to cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacte...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
Open redirect
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
UBUNTU-CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
PT-2021-15252
Name of the Vulnerable Software and Affected Versions: Action Pack versions prior to 6.1.2.1; Action Pack versions prior to 6.0.3.5. Description: The Host Authorization middleware in Action Pack suffers from an open redirect issue. Specially crafted Host headers, in combination with certain "allowed...
CVE-2017-15607
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181...
Embedthis Software GoAhead Arbitrary Code Execution Vulnerability
Embedthis Software GoAhead is an embedded Web server from Embedthis Software, USA. A security vulnerability exists in Embedthis Software GoAhead versions 3.0.0 through 3.4.1, which stems from the program's failure to properly handle path sections that begin with the '.' character in the beginning...
DEBIAN-CVE-2003-1557
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode "-B", allows remote attackers to execute arbitrary code via email containing headers with leading "." characters...