Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/03/29 3:37 p.m.8 views

Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)

Summary There is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go CVE-2026-33186. A remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 :path pseudo-header omitting the mandatory leading slash e.g., Service/Method instead of...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References7Affected Software2
RedHat Linux
RedHat Linux
added 2023/04/25 10:44 a.m.6 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS6.9AI score0.01036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/04/19 7:27 p.m.5 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS6.9AI score0.01036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/04/19 4:4 p.m.4 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS6.9AI score0.01036EPSS
Exploits0References4
OSV
OSV
added 2018/11/07 5:29 a.m.3 views

DEBIAN-CVE-2018-19052

An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the alias target...

7.5CVSS7AI score0.1408EPSS
Exploits1References1
curl security advisories
curl security advisories
added 2005/12/07 8:0 a.m.7 views

URL Buffer Overflow

libcurl's URL parser function can overflow a heap based buffer in two ways, if given a too long URL. These overflows happen if you 1 - pass in a URL with no protocol like "http://" prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of the heap...

4.6CVSS5.5AI score0.00516EPSS
Exploits0Affected Software2
Rows per page
Query Builder