Lucene search
K

24 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-7979

Malware in sbrugna...

5.9CVSS7.6AI score0.02841EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-2219

Malware in sbrugna...

5.9CVSS6AI score0.02485EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-3521

Malware in sbrugna...

4CVSS8AI score0.05581EPSS
Exploits0References20
Debian
Debian
added 2025/08/28 5:51 p.m.4 views

[SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security

------------------------------------------------------------------------- Debian LTS Advisory DLA-4285-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 28, 2025 https://wiki.debian.org/LTS -...

9.1CVSS7AI score0.00428EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/28 12:0 a.m.4 views

Debian dla-4285 : golang-github-gin-contrib-cors-dev - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4285 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4285-1 [email protected] https://www.debian.org/lts/security/...

9.1CVSS6.4AI score0.00428EPSS
Exploits0References4
OSV
OSV
added 2025/06/13 12:15 a.m.10 views

CVE-2025-4232

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root...

8.8CVSS5.8AI score0.00426EPSS
Exploits0References1
OSV
OSV
added 2024/06/29 12:15 a.m.3 views

DEBIAN-CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.4AI score0.00428EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/29 12:0 a.m.5 views

Gin-Gonic CORS middleware security vulnerability

Gin-Gonic CORS middleware is a Gin middleware program from Gin-Gonic open source. A security vulnerability exists in Gin-Gonic CORS middleware versions prior to 1.6.0 due to improper handling of wildcards at the end of source strings...

9.1CVSS6.7AI score0.00428EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.6 views

PT-2024-10742

Name of the Vulnerable Software and Affected Versions: Gin-Gonic CORS middleware versions prior to 1.6.0 Description: The issue arises from the mishandling of a wildcard at the end of an origin string by the parseWildcardRules function in Gin-Gonic CORS middleware. This results in unintended...

9.3CVSS7.4AI score0.00428EPSS
Exploits0References20
Ubuntu
Ubuntu
added 2023/07/19 5:34 p.m.77 views

USN-6237-2: curl regression

USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain...

6.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/05/17 1:58 p.m.9 views

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

7.5CVSS7.1AI score0.03514EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/03/30 12:0 a.m.4 views

PT-2023-19917 · Sniproxy +2 · Sniproxy +2

Name of the Vulnerable Software and Affected Versions: SNIProxy versions 0.6.0-2 through the master branch commit: 822bb80df9b7b345cc9eba55df74a07b498819ba Description: A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS...

9.8CVSS9.7AI score0.65515EPSS
Exploits1References29
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.4 views

SUSE CVE-2013-7440

The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...

5.9CVSS6.8AI score0.01944EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.3 views

Phoenix framework 安全漏洞

Phoenix framework is Phoenix framework open source a functional programming language Elixir written in the Web development framework. A security vulnerability exists in Phoenix framework versions prior to 1.6.14, which stems from its socket/transport.ex incorrectly handling the checkorigin wildca...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/11 12:0 a.m.1 views

PT-2022-15001 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB versions 1.3.0 Description: The issue concerns the handling of wildcard relationships in SpiceDB, specifically within exclusion or intersection operations. When a user utilizes a wildcard relationship under the right-hand branch of an...

8.1CVSS7.2AI score0.01472EPSS
Exploits0References9
Kitploit
Kitploit
added 2020/03/16 11:30 a.m.194 views

shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt. Features Simple and modular code ba...

7.5AI score
Exploits0References7
OSV
OSV
added 2016/10/10 4:59 p.m.8 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

5.9CVSS6.4AI score
Exploits0References5
OSV
OSV
added 2016/10/10 4:59 p.m.1 views

DEBIAN-CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

5.9CVSS7AI score0.02841EPSS
Exploits0References1
OSV
OSV
added 2016/06/07 6:59 p.m.9 views

CVE-2013-7440

The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...

5.9CVSS5.6AI score
Exploits0References7
Rows per page
Query Builder