77 matches found
EUVD-2026-41425
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
JLSEC-2026-409
An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...
OpenClaw Input Validation Error Vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...
TencentOS Server 3: curl (TSSA-2023:0172)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0172 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
VulnCheck KEV: CVE-2013-2134
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
EUVD-2015-7724
Malware in sbrugna...
EUVD-2024-54457
Malicious code in bioql PyPI...
EUVD-2023-32028
Malicious code in bioql PyPI...
ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...
tranport: TLS host name wildcard matching too lax
...
DEBIAN-CVE-2024-47619
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...
CVE-2024-47619 tranport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...
micromatch 安全漏洞
micromatch is a highly optimized wildcard and global matching library from the micromatch open source. A security vulnerability exists in micromatch that stems from an inability to limit the number of characters that can be processed, which could lead to memory exhaustion...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3425)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
curl: IDN wildcard match may lead to Improper Cerificate Validation
A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...
curl: IDN wildcard match may lead to Improper Cerificate Validation
A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...
curl: IDN wildcard match may lead to Improper Cerificate Validation
A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2023-2537)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...
curl: IDN wildcard match may lead to Improper Cerificate Validation
A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...
Improper Certificate Validation
libcurl.so is vulnerable to Improper Certificate Validation. In place of a library's built-in name matching function, Curl may utilize its own name matching function for TLS. IDN hosts could be mismatched by this private wildcard matching function since they are rendered in a weak form before...