Lucene search
K

28 matches found

Github Security Blog
Github Security Blog
added 2025/01/13 7:59 p.m.27 views

OpenFGA Authorization Bypass

Overview OpenFGA v1.3.8 to v1.8.2 Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? You are affected by this authorization bypass vulnerability if you are using OpenFGA...

9.8CVSS6.7AI score0.00428EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/01/13 7:59 p.m.14 views

GHSA-32Q6-RR98-CJQV OpenFGA Authorization Bypass

Overview OpenFGA v1.3.8 to v1.8.2 Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? You are affected by this authorization bypass vulnerability if you are using OpenFGA...

5.8CVSS8.5AI score0.00428EPSS
Exploits0References4
Drupal
Drupal
added 2024/10/30 12:0 a.m.7 views

OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056

Integrates your Drupal website with the Oh Dear monitoring app. Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module. This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthche...

5.3CVSS5.5AI score0.00292EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.5 views

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud serve, which stems from a sharing conflict that can occur in recipients when caching is enabled. Affected...

8.8CVSS7.8AI score0.00792EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.3 views

Shopware 授权问题漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have...

6.5CVSS5.7AI score0.00524EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/12/09 6:7 p.m.8 views

httpd: NULL pointer dereference in mod_cache if Content-Type has empty value

A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled...

5CVSS6.6AI score0.13451EPSS
Exploits0References4
OSV
OSV
added 2007/06/27 5:30 p.m.2 views

DEBIAN-CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

5CVSS8.8AI score0.11786EPSS
Exploits0References1
securityvulns
securityvulns
added 2001/11/30 12:0 a.m.23 views

Alert: Vulnerability in frox transparent ftp proxy.

There is a security hole in all the 0.6.x versions of the frox transparent ftp proxy up to and including version 0.6.6. Version 0.6.7 fixes this vulnerability, and upgrading to this is advised. Development snapshots are also affected up to and including frox-20011031.tar.gz. The vulnerability is...

1.4AI score
Exploits0
Rows per page
Query Builder