107 matches found
CVE-2020-1925
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can...
CVE-2020-1925
CVE-2020-1925 - Apache Olingo SSRF issue : Multiple sources describe a vulnerability in Apache Olingo versions 4.0.0–4.7.0 where the AsyncRequestWrapperImpl reads a URL from the Location header and then issues a GET or DELETE request to that URL. This can enable a Server-Side Request Forgery (SSR...
Apache Olingo CVE-2020-1925 Server Side Request Forgery Access Bypass Vulnerability
Description Apache Olingo is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Olingo versions prior to 4.7.1 are vulnerable. Technologies Affected Apache Oling...
ffua.skridsko.net Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1011370 Security Researcher Gh05tPT Helped patch 6901 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting ffua.skridsko.net websit...
CVE-2019-1925
Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...
CVE-2018-1925
CVE-2018-1925 affects IBM WebSphere MQ (and the MQ Console) versions 9.1.0.0, 9.1.0.1, and 9.1.1, where weaker-than-expected cryptographic algorithms could permit an attacker to decrypt highly sensitive information (man-in-the-middle risk). Connected IBM advisories corroborate affected ranges and...
Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925)
Summary The IBM MQ Console is vulnerable to a man in the middle attack caused by weaker than expected cryptographic algorithms. Vulnerability Details CVEID: CVE-2018-1925 DESCRIPTION: IBM MQ uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitiv...
CVE-2017-1925
...
CVE-2017-1925
CVE-2017-1925 entry is rejected and not used per description.
CVE-2016-1925
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...
CVE-2016-1925
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...
CVE-2016-1925
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...
CVE-2016-1925
CVE-2016-1925 : A vulnerability in LHarc’s LHa tool arises from an integer underflow in header.c when parsing level0/level1 headers in a crafted LHarc archive with a large header size, triggering a buffer overflow. Connected advisories confirm this affects LHa and describe potential remote impact...
SUSE SLES11 Security Update : lha (SUSE-SU-2016:1904-1)
lha was updated to fix one security issue. This security issue was fixed : - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers bsc962528. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SUSE-SU-2016:1904-1 Security update for lha
lha was updated to fix one security issue. This security issue was fixed: - CVE-2016-1925: Buffer Overflow while parsing level0 and level1 headers bsc962528...
Mageia: Security Advisory (MGASA-2016-0142)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated lha packages fix CVE-2016-1925
Updated lha package fixes security vulnerability: The lha command is vulnerable to a buffer overflow while processing level 0 and level 1 headers while extracting an archive CVE-2016-1925...
Oracle: Security Advisory (ELSA-2015-1925)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : kvm (ELSA-2015-1925)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1925 advisory. kvm-83-274.0.1.el5 - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch kvm-83.274.el5 -...
IBM Tivoli Storage Manager FastBack Server Opcode 1332 Buffer Overflow (CVE-2015-1925)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1332 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...