UBUNTU-CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

DEBIAN-CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

ALPINE-CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

CVE-2016-10725

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" which is supposed to override all other alerts because operations occur in the wrong order. This behavior occurs in the remote network alert system deprecated since Q1 2016. This affects other uses of the...

CVE-2016-10725

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" which is supposed to override all other alerts because operations occur in the wrong order. This behavior occurs in the remote network alert system deprecated since Q1 2016. This affects other uses of the...

Mozilla: Media recorder segmentation fault when track type is changed during capture

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...

CVE-2018-5109

An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...

Fedora 26 : php (2018-6071a600e8)

PHP version 7.1.17 26 Apr 2018 Date: - Fixed bug php76131 mismatch arginfo for datecreate. carusogabriel Exif: - Fixed bug php76130 Heap Buffer Overflow READ: 1786 in exifiifaddvalue. Stas FPM: - Fixed bug php68440 ERROR: failed to reload: execvp failed: Argument list too long. Jacob Hipps - Fixe...

Wrong Hostname Assumption

WordPress is vulnerable to the wrong hostname assumption. The wphttpvalidateurl function wrongly treats the URLs with the hostname= localhost as the same host by default...

DEBIAN-CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

GitLab Auth0 integration configuration vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A security...

CVE-2016-7443

Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."...

CVE-2017-5660

There is a vulnerability in Apache Traffic Server ATS 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used...

CVE-2017-12473

ccnlccntlvbytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service application crash via vectors involving packets with "wrong L values."...

CVE-2017-12473

ccnlccntlvbytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service application crash via vectors involving packets with "wrong L values."...

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)

Exploit for windows platform in category dos / poc / Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: / // Enable the flag using '\n'.repeat0x1000 evalfunction f with function printf; ; ; +...

Microsoft Edge Chakra Deferred Parsing

Microsoft Edge: Chakra: Deferred parsing makes wrong scopes 2 CVE-2018-0775 Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: // Enable the flag using '\n'.repeat0x1000 evalfunction f with function...

Internet Bug Bounty: Urllib connects to a wrong host

Description ----- The inconsistent of URL parsing and URL fetching are distinct Original bug report ----- - https://bugs.python.org/issue30500 - http://python-security.readthedocs.io/vuln/bpo-30500urllibconnectstoawronghost.html Note ----- - None Thanks : Impact SSRF...

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes 2 / Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: / // Enable the flag using '\n'.repeat0x1000 evalfunction f with function printf; ; ; +...

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)

/ Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: / // Enable the flag using '\n'.repeat0x1000 evalfunction f with function printf; ; ; + '\n'.repeat0x1000; PoC 2: // ./ch poc.js -ForceDeferParse...