MiracleLinux 3 : httpd-2.2.3-53.3.0.1.AXS3 (AXSA:2011-346:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-346:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2011-3368 The modproxy module in the...

EUVD-2008-0837

Malware in sbrugna...

EUVD-2013-7165

Malware in sbrugna...

EUVD-2024-33358

Malicious code in bioql PyPI...

EUVD-2022-25598

Malicious code in bioql PyPI...

CVE-2025-49595

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs filesystem:// or filesystem-v2://. This allows authenticated attackers to cause service unavailability through malformed...

CVE-2024-10941

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox 126...

CVE-2024-10941

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox 126...

Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy

Description Path traversal This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...

PT-2024-28976 · Uri.Java · Uri.Java

Name of the Vulnerable Software and Affected Versions: Uri.java affected versions not specified Description: The issue is related to improper input validation in the scheme of Uri.java, allowing a malformed Uri object to be crafted. This could lead to local escalation of privilege without needing...

CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...

PT-2023-29935 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.27.0-rc1 Description: SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. When the provided datastore URI is malformed, such as having a...

SUSE CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

SUSE CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

CVE-2022-20338

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User...

CVE-2022-20338

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User...

Input validation

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User...

Directory Traversal Through Malformed URI

httpcore5 and httpclient are vulnerable to directory traversal attacks. The vulnerability is possible because the string input by user is not validated for the presence of leading character / and is passed to the constructor as path information...

MyServer 0.4.2 Malformed URI Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8120/info MyServer has been reported to be prone to denial of service attacks when handling certain malformed URIs. This could be exploited to deny availability of web services to legitimate users. This issue was reported...

httpd: reverse web proxy vulnerability

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...