Search CVE reports

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path...

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta...

Unauthenticated Remote Code Execution in Samba DCE/RPC SAMR server

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without validating it against absolute...

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against...

Denial of service against AD DC WINS server

auto-enrolment GPO installing CA certificate over http without verification

WORM vfs module does not block overwrites

Missing access checks on reparse point operations

PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.