Lucene search

14 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-19719

Malicious code in bioql PyPI...

CVSS 2.7 | AI score 4.1 | EPSS 0.00335
Exploits: 0 | References: 1
RedHat Linux
added 2025/09/23 6:04 p.m. | 4 views

django: Django Path Injection Vulnerability

A flaw was found in Django. The request.path component of HTTP requests is not properly escaped when included in internal response logging, allowing remote attackers to manipulate log output through crafted URLs. This vulnerability allows an attacker to inject arbitrary content into Django's...

CVSS 5.3 | AI score 7.2 | EPSS 0.00411
Exploits: 0 | References: 8
CVE
added 2025/09/06 6:12 p.m. | 17 views

CVE-2025-0009

CVE-2025-0009 describes a NULL pointer dereference in AMD Crash Defender that could allow a local attacker to write a NULL output to a log file, potentially causing a system crash and loss of availability. Affected: AMD Crash Defender (AMD Graphics vulnerabilities). Root cause: NULL pointer deref...

CVSS 5.5 | AI score 6.3 | EPSS 0.00027
Exploits: 0 | References: 1
Tenable Nessus
added 2025/07/04 12:00 a.m. | 2 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Flask-CORS vulnerabilities (USN-7612-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7612-1 advisory. It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could...

CVSS 7.5 | AI score 6.2 | EPSS 0.00637
Exploits: 5 | References: 6
OSV
added 2024/04/19 9:31 p.m. | 0 views

GHSA-84PR-M4JR-85G5 flask-cors vulnerable to log injection when the log level is set to debug

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVSS 5.3 | AI score 6.5 | EPSS 0.00179
Exploits: 1 | References: 6
OSV
added 2024/04/19 8:15 p.m. | 3 views

DEBIAN-CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVSS 5.3 | AI score 6.2 | EPSS 0.00179
Exploits: 1 | References: 1
UbuntuCve
added 2024/04/19 8:15 p.m. | 15 views

CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVSS 5.3 | AI score 6.5 | EPSS 0.00179
Exploits: 1 | References: 3
Cvelist
added 2024/04/19 7:37 p.m. | 18 views

CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00179
Exploits: 1 | References: 1
Debian CVE
added 2024/04/19 7:37 p.m. | 17 views

CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00179
Exploits: 1
NVD
added 2024/03/13 9:15 p.m. | 10 views

CVE-2024-27097

A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade...

CVSS 5.3 | AI score 4.5 | EPSS 0.00446
Exploits: 0 | References: 2
CNNVD
added 2022/06/22 12:00 a.m. | 1 view

Apache Sling Security Vulnerability

Apache Sling is an open source Web framework for the Java platform from the Apache Foundation. Designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit, a log injection vulnerability exists in Apache Sling Commons Log version 5.4.0 and...

CVSS 5.3 | AI score 5.7 | EPSS 0.02862
Exploits: 0 | References: 2
seebug.org
added 2014/07/01 12:00 a.m. | 14 views

04webserver 1.42 Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11652/info Multiple remote vulnerabilities reportedly affect 04WebServer. These issues are due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage these issues to carry out...

AI score 7.1
Exploits: 0
Prion
added 2007/01/16 11:28 p.m. | 13 views

Integer overflow

Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files...

CVSS 7.8 | AI score 6.8 | EPSS 0.02879
Exploits: 0 | References: 9 | Affected Software: 1
NVD
added 2007/01/16 11:28 p.m. | 22 views

CVE-2007-0251

Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files...

CVSS 7.8 | AI score 6.4 | EPSS 0.02879
Exploits: 0 | References: 9