27 matches found
GHSA-89CP-FVCC-HXH7 Symfony Access Control Vulnerability
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...
CVE-2020-36232
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...
Design/Logic Flaw
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...
CVE-2020-36232
CVE-2020-36232 affects the atlassian-gadgets plugin used by Atlassian Jira Server/Data Center. The vulnerability arises from MessageBundleWhiteList handling that allowed unexpected DNS lookups and requests to arbitrary services by obtaining the application base URL from the executing HTTP request...
The vulnerability of the Linter Bastion database management system allows a malicious individual to halt any arbitrary service on a remote computer.
The RPC call with number 0x08 "0x0040AB4E" allows a malicious individual to terminate any service on a remote computer where the linstmgr.exe program is running, even though they have no authority to do so. For example, this could involve terminating the Linter Bastion database management system,...
Code injection
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...
Code injection
Red Hat Network RHN Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to 1 obtain unspecified sensitive host information or 2 use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors...