Lucene search
K

123 matches found

Mageia
Mageia
added 2024/04/23 1:20 a.m.25 views

Updated perl-Clipboard package fix security vulnerability

Version 0.29 fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'...

7.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.2 views

PT-2024-41049 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.29 Description: The issue concerns the execution of commands with multi-line clipboard text, including "| sh". Recommendations: For versions prior to 0.29, update to version 0.29 to resolve the issue...

7.6AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/12/27 12:0 a.m.23 views

NewStart CGSL MAIN 5.04 : gzip Vulnerability (NS-SA-2023-0103)

The remote NewStart CGSL host, running version MAIN 5.04, has gzip packages installed that are affected by a vulnerability: - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, thi...

8.8CVSS7AI score0.04271EPSS
Exploits0References3
Amazon
Amazon
added 2023/09/25 12:0 a.m.3 views

Important: ansible

Issue Overview: A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templa...

7.1CVSS6.9AI score0.00854EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:28 p.m.36 views

K17189: Apache HTTP server vulnerability CVE-2008-0456

Security Advisory Description CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP...

2.6CVSS6.8AI score0.19036EPSS
Exploits1Affected Software18
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.6 views

SUSE CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

7.8CVSS7.4AI score0.03219EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/01/23 12:0 a.m.5 views

The vulnerability of the Ansible software package, related to the failure to cleanse input data, allows a perpetrator to access confidential information and compromise its integrity.

The vulnerability of the Ansible software package lies in the lack of measures taken to sanitize special characters in multi-line YAML strings. Exploiting this vulnerability allows an attacker to gain access to confidential data and compromise its integrity...

7.1CVSS7.1AI score0.00854EPSS
Exploits0References9Affected Software4
F5 Networks
F5 Networks
added 2022/12/27 4:42 a.m.42 views

K82567234: NodeJS vulnerability CVE-2022-32215

Security Advisory Description The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. CVE-2022-32215 Impact Impact There is no impact; F5 products are not affected b...

6.5CVSS6.9AI score0.68796EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/11/04 12:0 a.m.41 views

Amazon Linux 2022 : xz, xz-devel, xz-libs (ALAS2022-2022-187)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-187 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...

8.8CVSS6.9AI score0.04271EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 5:31 p.m.41 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2022-32215 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle multi-line Transfer-Encoding headers by t...

8.1CVSS7.8AI score0.68796EPSS
Exploits1Affected Software1
Node JS Blog
Node JS Blog
added 2022/09/15 12:0 a.m.56 views

September 23rd 2022 Security Releases

September 23rd 2022 Security Releases Update 26-September-2022 Security releases available Recommendation update regarding CVE-2022-35255: Roll-out and re-issue all keys generated with WebCrypto.subtle.generateKey. Re-evaluate the confidentiality of data encrypted with those keys. Update...

9.1CVSS8AI score0.68796EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2022/09/08 7:45 a.m.4 views

nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...

6.5CVSS7.5AI score0.68796EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2022/09/08 7:0 a.m.5 views

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote low privileged attacker to force zgrep to write arbitrary files on the system.

...

8.8CVSS7.2AI score0.04271EPSS
Exploits0
OSV
OSV
added 2022/08/31 4:15 p.m.2 views

DEBIAN-CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS6.8AI score0.04271EPSS
Exploits0References1
OSV
OSV
added 2022/08/31 4:15 p.m.5 views

ALPINE-CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS6.7AI score0.04271EPSS
Exploits0References1
NVD
NVD
added 2022/08/31 4:15 p.m.17 views

CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS0.04271EPSS
Exploits0References9
OSV
OSV
added 2022/08/31 4:15 p.m.6 views

AZL-10819 CVE-2022-1271 affecting package gzip for versions less than 1.12-1

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS6.8AI score0.04271EPSS
Exploits0References1
Prion
Prion
added 2022/08/31 4:15 p.m.34 views

Input validation

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

6.5CVSS8.4AI score0.04271EPSS
Exploits0References9Affected Software3
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2022-0294)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.77766EPSS
Exploits5References9
Hacker One
Hacker One
added 2022/08/10 8:50 a.m.76 views

Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)

Summary: Due to an incomplete fix for CVE-2022-32215, the llhttp parser in the http module in Node v16.16.0 and 18.7.0 still does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: add more details about this vulnerability We have...

6.4CVSS7.4AI score0.68796EPSS
Exploits1
Rows per page
Query Builder