115 matches found
CVE-2019-9827
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
Server-Side Request Forgery in Hawt Hawtio
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
CVE-2019-9827
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
CVE-2019-9827
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
Server side request forgery (ssrf)
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
Cache-load gadgets exploitable with L1TF
ISSUE DESCRIPTION Previously reported vulnerabilities CVE-2017-5753 / XSA-254 Spectre V1 and CVE-2018-3646 / XSA-273 L1TF can, when combined, be leveraged to more easily gather leaked information. A Spectre v1 gadget is a speculation sequence which starts with a conditional branch, contains a...
Cisco WebEx Meeting Center URL Redirection Vulnerability
Cisco WebEx Meeting Center is a set of WebEx meeting solutions in the United States Cisco Cisco company's network of online meeting products. The product invites others to join the meeting via e-mail or instant messaging IM, and supports online product demonstrations, information sharing, and mor...
Cisco Jabber Guest Server Open Redirect Vulnerability
Cisco Jabber Guest Server is the United States of America Cisco Cisco company's set of users to interact with the enterprise staff in real time software. A security vulnerability exists in Cisco Jabber Guest Server, which arises from the program's failure to adequately enforce access controls on...
openSUSE Security Update : spice (openSUSE-2016-823)
spice was updated to fix two security issues. These security issues were fixed : - CVE-2016-2150: SPICE allowed local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261 boo982385. - CVE-2016-0749: The...
CVE-2016-2150
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261...
Postfix 1.1.x Denial of Service Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to bounce-scan a private network. It has also been reported that thi...
SuSE 11.3 Security Update : libvirt (SAT Patch Number 9203)
libvirt has been patched to fix two security issues. Further information is available at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0179 and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6456 These security issues have been fixed : - Unsafe parsing of XML documents allows...
PT-2013-4890 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.2.2 Description: The issue is related to improper access restriction to hosts in the Foreman application. This allows remote attackers to access arbitrary hosts via an API request to the /api/v1/hosts endpoint, whi...
Directory traversal
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors...
CVE-1999-0571
A router's configuration service or management interface such as a web server or telnet is configured to allow connections from arbitrary hosts...