
16 matches found

Positive Technologies
added 2024/06/26 12:0 a.m. · 6 views

PT-2024-25995 · W3C · Xml Signature Syntax/Processing

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

CVSS 8.2 · AI score 8.6 · EPSS 0.99999
Exploits 5 · References 6

OpenVAS
added 2024/03/04 12:0 a.m. · 21 views

openSUSE: Security Advisory for xmltooling (SUSE-SU-2023:3089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.03055
Exploits 3 · References 2

0day.today
added 2024/02/21 12:0 a.m. · 495 views

Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit

This Metasploit module chains a server side request forgery SSRF vulnerability CVE-2024-21893 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...

CVSS 9.1 · AI score 8.7 · EPSS 0.99999
Exploits 26

Circl
added 2024/02/20 11:56 p.m. · 5 views

CVE-2023-36661

creationtimestamp| type| source
---|---|---
2024-02-20 23:56:50+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanticonnectsecurercecve202421893.rb
2024-03-18 16:03:48+00:00| seen| MISP/b832113b-e603-406a-ba62-aae9ba13b1b4
2025-02-06...

CVSS 7.5 · AI score 7.3 · EPSS 0.03055
Exploits 3 · References 2

Tenable Nessus
added 2023/08/02 12:0 a.m. · 23 views

SUSE SLES15: libxmltooling-devel / libxmltooling-lite9 / libxmltooling9 / etc (SUSE-SU-2023:3089-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3089-1 advisory. - CVE-2023-36661: Fix server-side request forgery vulnerability bsc1212359 Tenable has extracted the preceding description blo...

CVSS 7.5 · AI score 7.5 · EPSS 0.03055
Exploits 3 · References 4

OpenVAS
added 2023/08/02 12:0 a.m. · 28 views

SUSE: Security Advisory (SUSE-SU-2023:3089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8.5 · EPSS 0.03055
Exploits 3 · References 4

OSV
added 2023/08/01 8:22 a.m. · 7 views

SUSE-SU-2023:3089-1 Security update for xmltooling

This update for xmltooling fixes the following issues: - CVE-2023-36661: Fix server-side request forgery vulnerability bsc1212359...

CVSS 7.5 · AI score 7.6 · EPSS 0.03055
Exploits 3 · References 3

Tenable Nessus
added 2023/07/27 12:0 a.m. · 22 views

SUSE SLES12 Security Update : xmltooling (SUSE-SU-2023:2975-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2975-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery SSRF vulnerability bsc1212359. Tenable has extracted the preceding description block...

CVSS 7.5 · AI score 7.5 · EPSS 0.03055
Exploits 3 · References 4

OpenVAS
added 2023/07/27 12:0 a.m. · 11 views

SUSE: Security Advisory (SUSE-SU-2023:2975-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8.5 · EPSS 0.03055
Exploits 3 · References 4

Tenable Nessus
added 2023/07/04 12:0 a.m. · 22 views

openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:2766-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2766-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery SSRF vulnerability bsc1212359. Tenable has extracted the preceding description block directly from the...

CVSS 7.5 · AI score 7.5 · EPSS 0.03055
Exploits 3 · References 4

OpenVAS
added 2023/07/04 12:0 a.m. · 21 views

Debian: Security Advisory (DLA-3464-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.03055
Exploits 3 · References 4

SUSE CVE
added 2023/06/27 1:25 a.m. · 1 views

SUSE CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

CVSS 5.4 · AI score 6.8 · EPSS 0.03055
Exploits 3 · References 6

NVD
added 2023/06/25 10:15 p.m. · 38 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

CVSS 7.5 · AI score 7.3 · EPSS 0.03055
Exploits 3 · References 2

OSV
added 2023/06/25 10:15 p.m. · 11 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 2

Vulnrichment
added 2023/06/25 12:0 a.m. · 11 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

AI score 6.7 · EPSS 0.03055
Exploits 3 · References 2

CVE
added 2023/06/25 12:0 a.m. · 173 views

CVE-2023-36661

CVE-2023-36661 affects Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider. The underlying issue is a server-side request forgery (SSRF) via a crafted KeyInfo element in XML signatures. This yields unauthenticated SSRF risk with impact on availability (per CVE ...

CVSS 7.5 · AI score 7.2 · EPSS 0.03055
In wild · Exploits 3 · References 2 · Affected Software 1