** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub.
The host is installed with Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 or 12.2.1.2 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation allows unauthenticated attacker to have unauthorized creation, deletion or modification access to critica ...
It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c.
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target filesystem path does have a trailing "/" character.