Lucene search

32 matches found

SUSE CVE
added 2023/02/15 4:26 a.m. | 3 views

SUSE CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

4.2 CVSS | 8.6 AI score | 0.04612 EPSS
Exploits: 0 | References: 10
OSV
added 2021/08/31 5:15 p.m. | 2 views

ALPINE-CVE-2021-37712

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.6 CVSS | 8 AI score | 0.0185 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2021/08/31 5:15 p.m. | 0 views

CVE-2021-37712

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.6 CVSS | 6.4 AI score | 0.0185 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Microsoft CVE
added 2021/06/06 7:0 a.m. | 6 views

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.

...

7.5 CVSS | 9.3 AI score | 0.04612 EPSS
Exploits: 0
OSV
added 2018/11/28 5:29 p.m. | 1 views

UBUNTU-CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

7.5 CVSS | 6.7 AI score | 0.04612 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2016/07/06 12:0 a.m. | 6 views

The vulnerability of Samba software allows a malicious individual to compromise the accessibility of protected information.

The vulnerability in the pushascii function of Samba’s smbd allows remote users who have completed authentication to trigger a service failure—a memory-related error and an unexpected termination of the daemon—by attempting to read the path name in Unicode format without using Unicode. This leads...

2.7 CVSS | 6.5 AI score | 0.07269 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2014/08/06 12:0 a.m. | 34 views

Oracle Linux 6 : samba4 (ELSA-2014-1009)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1009 advisory. - resolves: 1126011 - CVE-2014-3560: remote code execution in nmbd. - resolves: 1105501 - CVE-2014-0244: DoS in nmbd. - resolves: 1108842 - CVE-2014-3493: DoS i...

7.9 CVSS | 8.3 AI score | 0.56378 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2014/08/05 6:58 p.m. | 0 views

samba: smbd unicode path names denial of service

It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to...

2.7 CVSS | 7.2 AI score | 0.07269 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2014/07/24 12:0 a.m. | 29 views

Oracle Linux 7 : samba (ELSA-2014-0867)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0867 advisory. - resolves: 1105504 - CVE-2014-0244: DoS in nmbd. - resolves: 1108844 - CVE-2014-3493: DoS in smbd with unicode path names. - resolves: 1105573 -...

3.5 CVSS | 7.7 AI score | 0.20481 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2014/07/09 4:27 p.m. | 2 views

samba: smbd unicode path names denial of service

It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to...

2.7 CVSS | 7.2 AI score | 0.07269 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2014/07/09 4:17 p.m. | 2 views

samba: smbd unicode path names denial of service

It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to...

2.7 CVSS | 7.2 AI score | 0.07269 EPSS
Exploits: 0 | References: 5
OSV
added 2014/06/23 12:0 a.m. | 2 views

UBUNTU-CVE-2014-3493

The pushascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a...

2.7 CVSS | 5.8 AI score | 0.07269 EPSS
Exploits: 0 | References: 4