Lucene search
K

205 matches found

CNNVD
CNNVD
added 2021/09/27 12:0 a.m.5 views

Datalust Seq 安全漏洞

Datalust Seq is a logging server from Datalust Australia. It is used to speed up diagnostics in complex, asynchronous and distributed applications. A security vulnerability exists in Datalust Seq versions prior to 2021.2.6259, which stems from software that allows a user who applies a view filter...

6.5CVSS6.5AI score0.00954EPSS
Exploits1References2
Prion
Prion
added 2021/06/29 3:15 p.m.18 views

Design/Logic Flaw

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerab...

4CVSS6.1AI score0.00857EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2021/05/19 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-1911)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.35963EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2021/04/07 9:5 p.m.52 views

bottle HTTP Request smuggling

The package bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References8Affected Software1
Veracode
Veracode
added 2021/02/20 6:44 a.m.44 views

Web Cache Poisoning

python-django is vulnerable to web cache poisoning. An attacker may separate query parameters using a semicolon ;, causing a difference in the interpretation of the request between the proxy running with default configuration and the server resulting in malicious requests being cached as complete...

5.9CVSS2.7AI score0.35963EPSS
Exploits1References58Affected Software14
RedhatCVE
RedhatCVE
added 2021/02/15 8:5 p.m.53 views

CVE-2021-23336

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...

5.9CVSS2.8AI score0.35963EPSS
Exploits1References4
OSV
OSV
added 2021/02/15 1:15 p.m.20 views

CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

5.9CVSS6AI score
Exploits0References37
AlpineLinux
AlpineLinux
added 2021/02/15 12:15 p.m.36 views

CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

5.9CVSS7.5AI score0.35963EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/02/09 12:50 p.m.21 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS2.8AI score0.01837EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.26 views

Debian DLA-2531-1 : python-bottle security update

The package src:python-bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References4
NVD
NVD
added 2021/01/18 12:15 p.m.19 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/01/18 12:15 p.m.29 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.7AI score0.01837EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2021/01/18 11:15 a.m.21 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.4AI score0.01837EPSS
Exploits1
Akamai Blog
Akamai Blog
added 2020/08/05 6:0 p.m.32 views

Black Hat Presentation - Web Cache Entanglement

Overview Akamai is aware of the 'Web Cache Entanglement: Novel Pathways to Poisoning' presentation at BlackHat on August 5, 2020. Two security vulnerabilities related to our content delivery networks' caching functionality were presented as part of this research. Akamai would like to thank James...

0.9AI score
Exploits0
OSV
OSV
added 2020/06/05 4:20 p.m.3 views

GHSA-WPJR-J57X-WXFW Data leakage via cache key collision in Django

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage...

8.2CVSS6.8AI score0.06041EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2020/06/05 4:20 p.m.94 views

Data leakage via cache key collision in Django

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage...

5.9CVSS3.9AI score0.06041EPSS
Exploits0References15Affected Software1
Veracode
Veracode
added 2020/06/04 4:24 a.m.30 views

Information Disclosure

django is vulnerable to information disclosure. The vulnerability exists as the add, get, set, delete, getmany, incr, decr operations in django/core/cache/backends/memcached.py does not properly validate the cache key...

5.9CVSS1.4AI score0.06041EPSS
Exploits0References14Affected Software4
Tenable Nessus
Tenable Nessus
added 2019/10/03 12:0 a.m.18 views

Fedora 30 : glpi (2019-a1636592a3)

GLPI version 9.4.4 This is a security release, upgrading is highly recommended Non exhaustive list of changes : - security Prevent account takeover vulnerability , - security Prevent execution of XSS on rich text, - fix cache key lenght issues, - fix user picture removal at login, - several fixes...

5.6AI score
Exploits0References2
Veracode
Veracode
added 2019/05/02 5:18 a.m.30 views

Authorization Bypass

firefox/thunderbird is vulnerable to authorization bypass. A remote attacker is able to bypass the CORS preflight protection mechanisms via duplicate cache-key generation or retrieval of a value from an incorrect HTTP Access-Control- response header...

6.4CVSS9.1AI score0.03095EPSS
Exploits0References24Affected Software2
Veracode
Veracode
added 2017/01/05 7:30 a.m.18 views

Authentication Bypass

cipher.googlepam is vulnerable to authentication bypass because it uses the same cache key for all users. When one user logs in successfully, others could not log in using their own passwords. But the first user could now use his password to log in as anyone else...

7AI score
Exploits0
Rows per page
Query Builder