64 matches found
Mageia: Security Advisory (MGASA-2025-0286)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-6221
creationtimestamp| type| source ---|---|--- 2025-08-16 04:05:10+00:00| seen| Telegram/jUBr-2Z07QlPsRlOpLba0gxgcCmPHGp7YgCZ06Htw9qw7s...
Ubuntu: Security Advisory (USN-7612-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-6221
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-6221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior...
Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6221]
Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6221. Vulnerability Details CVEID:CVE-2024-6221 DESCRIPTION: Flask-CORS could allow a remote attacker to obtain sensitive information, caused ...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
OESA-2024-2198 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...
CVE-2024-6221
creationtimestamp| type| source ---|---|--- 2024-08-18 21:37:39+00:00| seen| https://t.me/cvedetector/3474...
aberoth-ephemeris (>=1.0.0 <=1.0.2), abstra (>=1.8.8 <=2.5.1) +498 more potentially affected by CVE-2024-6221 via flask-cors (>=1.1.2 <=4.0.1)
flask-cors PYPI version =1.1.2, =1.0.0, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.1.1, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.1.22 and more Source cves: CVE-2024-6221 Source advisory: OSV:GHSA-HXWH-JPP2-84PM...
aberoth-ephemeris (>=1.0.0 <=1.0.2), abstra (>=1.8.8 <=2.5.1) +498 more potentially affected by CVE-2024-6221 via flask-cors (>=1.1.2 <=4.0.1)
flask-cors PYPI version =1.1.2, =1.0.0, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.1.1, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.1.22 and more Source cves: CVE-2024-6221 Source advisory: OSV:PYSEC-2024-260...
CVE-2024-6221 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app, py3-flask-cors...
CVE-2024-6221 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-flask-cors...
CVE-2024-6221 Improper Access Control in corydolphin/flask-cors
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
CVE-2024-6221
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
CVE-2023-6221
creationtimestamp| type| source ---|---|--- 2024-02-02 00:26:27+00:00| seen| https://t.me/ctinow/177841 2024-02-18 16:11:42+00:00| seen| https://t.me/ctinow/187288...
MachineSense FeverWarn
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : MachineSense LLC. Equipment : MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...
CVE-2023-3643
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...
Design/Logic Flaw
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2023-3643
CVE-2023-3643 affects CAREL Boss Mini 1.4.0 (Build 6221). Multiple sources confirm a path traversal leading to local file inclusion in boss/servlet/document, exploitable over network with no user interaction. Proofs of concept and exploit records exist (PacketStorm, Exploit-DB) indicating remote ...