Lucene search
K

107 matches found

Cvelist
Cvelist
added 2020/01/09 6:41 p.m.15 views

CVE-2020-1925

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can...

7.4AI score0.0283EPSS
Exploits0References1
CVE
CVE
added 2020/01/09 6:41 p.m.138 views

CVE-2020-1925

CVE-2020-1925 - Apache Olingo SSRF issue : Multiple sources describe a vulnerability in Apache Olingo versions 4.0.0–4.7.0 where the AsyncRequestWrapperImpl reads a URL from the Location header and then issues a GET or DELETE request to that URL. This can enable a Server-Side Request Forgery (SSR...

7.5CVSS7.3AI score0.0283EPSS
Exploits0References1Affected Software1
Symantec
Symantec
added 2020/01/08 12:0 a.m.25 views

Apache Olingo CVE-2020-1925 Server Side Request Forgery Access Bypass Vulnerability

Description Apache Olingo is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Olingo versions prior to 4.7.1 are vulnerable. Technologies Affected Apache Oling...

0.9AI score0.0283EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2019/11/10 7:12 p.m.15 views

ffua.skridsko.net Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1011370 Security Researcher Gh05tPT Helped patch 6901 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting ffua.skridsko.net websit...

Exploits0
CVE
CVE
added 2019/08/07 9:10 p.m.75 views

CVE-2019-1925

Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...

9.3CVSS7.9AI score0.01452EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2019/04/15 2:55 p.m.58 views

CVE-2018-1925

CVE-2018-1925 affects IBM WebSphere MQ (and the MQ Console) versions 9.1.0.0, 9.1.0.1, and 9.1.1, where weaker-than-expected cryptographic algorithms could permit an attacker to decrypt highly sensitive information (man-in-the-middle risk). Connected IBM advisories corroborate affected ranges and...

5.9CVSS5.9AI score0.00877EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/10 11:5 a.m.26 views

Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925)

Summary The IBM MQ Console is vulnerable to a man in the middle attack caused by weaker than expected cryptographic algorithms. Vulnerability Details CVEID: CVE-2018-1925 DESCRIPTION: IBM MQ uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitiv...

5.9CVSS0.7AI score0.00877EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2018/01/05 2:0 p.m.8 views

CVE-2017-1925

...

Exploits0
CVE
CVE
added 2018/01/05 2:0 p.m.26 views

CVE-2017-1925

CVE-2017-1925 entry is rejected and not used per description.

7.3AI score
Exploits0
OSV
OSV
added 2017/01/23 9:59 p.m.3 views

CVE-2016-1925

Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...

9.8CVSS6.2AI score0.02985EPSS
Exploits0References3
NVD
NVD
added 2017/01/23 9:59 p.m.20 views

CVE-2016-1925

Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...

9.8CVSS9.8AI score0.02985EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/01/23 9:59 p.m.19 views

CVE-2016-1925

Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...

9.8CVSS7.6AI score0.02985EPSS
Exploits0References2
CVE
CVE
added 2017/01/23 9:0 p.m.51 views

CVE-2016-1925

CVE-2016-1925 : A vulnerability in LHarc’s LHa tool arises from an integer underflow in header.c when parsing level0/level1 headers in a crafted LHarc archive with a large header size, triggering a buffer overflow. Connected advisories confirm this affects LHa and describe potential remote impact...

9.8CVSS9.6AI score0.02985EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/08/29 12:0 a.m.27 views

SUSE SLES11 Security Update : lha (SUSE-SU-2016:1904-1)

lha was updated to fix one security issue. This security issue was fixed : - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers bsc962528. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

9.8CVSS7.3AI score0.02985EPSS
Exploits0References4
OSV
OSV
added 2016/07/28 3:1 p.m.3 views

SUSE-SU-2016:1904-1 Security update for lha

lha was updated to fix one security issue. This security issue was fixed: - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers bsc962528...

9.8CVSS9.5AI score0.02985EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/05/09 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2016-0142)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.02985EPSS
Exploits0References4
Mageia
Mageia
added 2016/04/21 2:52 p.m.44 views

Updated lha packages fix CVE-2016-1925

Updated lha package fixes security vulnerability: The lha command is vulnerable to a buffer overflow while processing level 0 and level 1 headers while extracting an archive CVE-2016-1925...

9.8CVSS4.7AI score0.02985EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/23 12:0 a.m.31 views

Oracle: Security Advisory (ELSA-2015-1925)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.3AI score0.01046EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/10/23 12:0 a.m.27 views

Oracle Linux 5 : kvm (ELSA-2015-1925)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1925 advisory. kvm-83-274.0.1.el5 - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch kvm-83.274.el5 -...

7.2CVSS7.1AI score0.01046EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2015/10/14 12:0 a.m.9 views

IBM Tivoli Storage Manager FastBack Server Opcode 1332 Buffer Overflow (CVE-2015-1925)

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1332 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...

7.8CVSS9.6AI score0.03281EPSS
Exploits1
Rows per page
Query Builder