Lucene search
+L

27 matches found

OSV
OSV
added 2022/05/17 5:17 a.m.22 views

GHSA-89CP-FVCC-HXH7 Symfony Access Control Vulnerability

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...

6.8CVSS6.5AI score0.01173EPSS
Exploits0References5
OSV
OSV
added 2021/02/22 9:15 p.m.3 views

CVE-2020-36232

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...

5CVSS6AI score0.00975EPSS
Exploits0References1
Prion
Prion
added 2021/02/22 9:15 p.m.21 views

Design/Logic Flaw

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...

4CVSS5AI score0.00975EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/02/22 8:46 p.m.63 views

CVE-2020-36232

CVE-2020-36232 affects the atlassian-gadgets plugin used by Atlassian Jira Server/Data Center. The vulnerability arises from MessageBundleWhiteList handling that allowed unexpected DNS lookups and requests to arbitrary services by obtaining the application base URL from the executing HTTP request...

5CVSS5AI score0.00975EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.8 views

The vulnerability of the Linter Bastion database management system allows a malicious individual to halt any arbitrary service on a remote computer.

The RPC call with number 0x08 "0x0040AB4E" allows a malicious individual to terminate any service on a remote computer where the linstmgr.exe program is running, even though they have no authority to do so. For example, this could involve terminating the Linter Bastion database management system,...

7.5CVSS5.6AI score
Exploits0Affected Software1
Prion
Prion
added 2012/12/27 11:47 a.m.18 views

Code injection

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...

6.8CVSS7.3AI score0.01173EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2011/04/18 5:55 p.m.24 views

Code injection

Red Hat Network RHN Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to 1 obtain unspecified sensitive host information or 2 use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors...

6.4CVSS7AI score0.01708EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder