18 matches found
MiracleLinux 8 : thunderbird-102.10.0-2.el8.ML.1 (AXSA:2023-5300:14)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5300:14 advisory. Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547); Mozilla: Matrix SDK bundled with Thunderbird vulnerabl...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-41234)
Summary: A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-41234. Description: In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflect...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Spring Framework
Summary: There is a vulnerability in Spring Framework used by Integrated Webservices in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-41234. Description: In Spring...
OESA-2024-2474 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
DEBIAN-CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
SUSE CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
UBUNTU-CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Resources Downloaded over Insecure Protocol
Overview: Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to improper validation of the Content-Disposition header when the filename was provided by the user. Exploiting this vulnerability results in a reflected file download (RFD) attack...
DEBIAN-CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
PYSEC-2022-245
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
PYSEC-2022-245
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
PT-2022-7209 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.14; Django versions 4.0 through 4.0.6. Description: An issue was discovered in the HTTP FileResponse class. The application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition...
UBUNTU-CVE-2017-18123
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs...