24 matches found
MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...
EUVD-2016-7979
Malware in sbrugna...
EUVD-2016-2219
Malware in sbrugna...
EUVD-2014-3521
Malware in sbrugna...
[SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security
------------------------------------------------------------------------- Debian LTS Advisory DLA-4285-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 28, 2025 https://wiki.debian.org/LTS -...
Debian dla-4285 : golang-github-gin-contrib-cors-dev - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4285 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4285-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-4232
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root...
DEBIAN-CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
Gin-Gonic CORS middleware security vulnerability
Gin-Gonic CORS middleware is a Gin middleware program from Gin-Gonic open source. A security vulnerability exists in Gin-Gonic CORS middleware versions prior to 1.6.0 due to improper handling of wildcards at the end of source strings...
PT-2024-10742
Name of the Vulnerable Software and Affected Versions: Gin-Gonic CORS middleware versions prior to 1.6.0 Description: The issue arises from the mishandling of a wildcard at the end of an origin string by the parseWildcardRules function in Gin-Gonic CORS middleware. This results in unintended...
USN-6237-2: curl regression
USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain...
springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...
PT-2023-19917 · Sniproxy +2 · Sniproxy +2
Name of the Vulnerable Software and Affected Versions: SNIProxy versions 0.6.0-2 through the master branch commit: 822bb80df9b7b345cc9eba55df74a07b498819ba Description: A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS...
SUSE CVE-2013-7440
The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...
Phoenix framework 安全漏洞
Phoenix framework is Phoenix framework open source a functional programming language Elixir written in the Web development framework. A security vulnerability exists in Phoenix framework versions prior to 1.6.14, which stems from its socket/transport.ex incorrectly handling the checkorigin wildca...
PT-2022-15001 · Spicedb · Spicedb
Name of the Vulnerable Software and Affected Versions: SpiceDB versions 1.3.0 Description: The issue concerns the handling of wildcard relationships in SpiceDB, specifically within exclusion or intersection operations. When a user utilizes a wildcard relationship under the right-hand branch of an...
shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains
shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt. Features Simple and modular code ba...
CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...
DEBIAN-CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...
CVE-2013-7440
The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...