CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

SUSE CVE-2007-5198

Buffer overflow in the redir function in checkhttp.c in Nagios Plugins before 1.4.10, when running with the -f follow option, allows remote web servers to execute arbitrary code via Location header responses redirects with a large number of leading "L" characters...

SUSE CVE-2015-7195

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect...

Advanced Package Tool Remote Code Execution (CVE-2019-3462)

A remote code execution vulnerability exists in Advanced Package Tool. The vulnerability is due to lack of sanitation on Location headers in HTTP responses. Successful exploitation could result in installation and execution of altered packages...

CVE-2015-7195

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect...

UBUNTU-CVE-2015-7195

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect...

USN-1613-2: Python 2.4 vulnerabilities

USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. Original advisory details: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working...

Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)

Giampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. CVE-2010-3493 Niels Heinen discovered that the urllib...

seamonkey: Update to Mozilla Seamonkey 2.4 (important)

Mozilla Seamonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2011:1341 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System...

CVE-2011-1521

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...

urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...

Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Linux)

This host is installed with Mozilla Products and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsjsurixssvulnsep09lin.nasl 6482 2017-06-29 08:31:43Z cfischer $ Mozilla Products 'javascript:' URI XSS Vulnerability - Sep09 Linux Authors: Sharath S...

CVE-2009-3013

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript sequences in a...

Cross site scripting

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript sequences in a...

Cross site scripting

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript...

CVE-2009-3012

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript...