4 matches found
CVE-2026-48858
The CVE-2026-48858 entry describes a Server-Side Request Forgery (SSRF) flaw in Erlang/OTP ftp’s PASV path: the ftp_internal PASV handler accepts the server’s 227 response IP and passes it to gen_tcp:connect without validating it against the control connection peer, unlike EPSV handlers. This ena...
CVE-2026-41670 Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest
Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...
SUSE CVE-2020-25108
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
DEBIAN-CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks...