386 matches found
GNU Inetutils Data Forgery Issue Vulnerability
GNU Inetutils is a common set of network programs in the GNU community. A security vulnerability exists in versions of GNU Inetutils prior to 2.2, which stems from a client not validating the addresses returned in a PASV/LSPV response to ensure that they match the server address...
Multiple Schneider Electric EVlink Charging Stations Data Forgery Issue Vulnerability
Schneider Electric EVlink Charging Stations is a charging device from Schneider Electric France. Multiple Schneider Electric EVlink Charging Stations are vulnerable to a data forgery issue; details of this vulnerability are not available at this time, please check the vendor's homepage for more...
Esri Arcgis Server Code Issue Vulnerability
ArcGIS Server is the back-end server software component of ArcGIS Enterprise. ArcGIS Server Manager is an application that is installed with ArcGIS Server and provides an intuitive and convenient interface for managing the server. A server-side request forgery vulnerability exists in ArcGIS Server...
PT-2021-14718 · Jenkins · Jenkins Requests-Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.12 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to create requests and/or have administrators apply pending requests, such as renaming or deleting jobs,...
CVE-2021-32698 Blind Server-Side Request Forgery (SSRF) in eLabFTW
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0...
Peloton TTR01 Data Forgery Issue Vulnerability
The Peloton TTR01 is a wireless device. A data forgery vulnerability exists in the Peloton TTR01, which arises from insufficient validation of data authenticity and can be exploited by an attacker with physical access to boot into a modified kernel ramdisk without unlocking the bootloader. The...
Wire wire-ios Data Forgery Issue Vulnerability
Wire is a chat software by an individual developer. The program supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A data forgery vulnerability exists in Wire wire-ios 3.8.0 and earlier versions...
Huawei Manageone Data Forgery Issue Vulnerability
Huawei Manageone, a cloud data center management solution from Huawei of China, suffers from a denial-of-service vulnerability that could be exploited by attackers to cause certain service anomalies...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2021-20480)
Summary: WebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
UPnP Data Forgery Issue Vulnerability
UPnP is a Universal Plug and Play protocol from the Open Connectivity Foundation. A data forgery vulnerability exists in Portable SDK version 1.14.6 and later in UPnP Devices because it does not check the value of the "host" header...
Luke Jordan Grassroot Platform Data Forgery Issue Vulnerability
Luke Jordan grassroot-platform is an open source application by Luke Jordan that makes it faster, cheaper and easier to sustainably organize and mobilize people in low-income communities. A security vulnerability exists in Luke Jordan Grassroot Platform that allows for the forgery...
Red Hat libdnf Data Forgery Issue Vulnerability
Red Hat libdnf is an application from Red Hat USA that provides a library with a simplified C and Python API for libsolv. A data forgery vulnerability exists in libdnf, which arises from the signature feature allowing an attacker to achieve code execution...
Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site request forgery vulnerability
Summary: A cross-site request forgery vulnerability was addressed by IBM InfoSphere Information Server. Vulnerability Details: CVEID: CVE-2020-4286 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
Debian DLA-2580-1 : adminer security update
Adminer is an open source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected. For Debian 9 stretch, this problem has been fixed ...
Design/Logic Flaw
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials...
Rostelecom CS-C2SHW Data Forgery Issue Vulnerability
A data forgery issue vulnerability exists in Rostelecom CS-C2SHW 5.0.082.1, which stems from a firmware update that will automatically run if a special file is inserted on the SD card...
Idpy Pysaml2 Data Forgery Issue Vulnerability
Idpy Pysaml2 is a Python-based SAML server implementation from the Idpy community. Idpy PySAML2 before 6.5.0 suffers from a data forgery issue vulnerability that stems from a cryptographic signature validation error...
Python Data Forgery Problem Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python oic versions prior to 1.2.1, which stems from the fact that there are...
Facebook HHVM Data Forgery Issue Vulnerability
Facebook HHVM (aka HipHop Virtual Machine) is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A data forgery issue vulnerability exists in Facebook HHVM versions prior to 3.9.5, 3.10.0 through 3.12.3, and 3.13.0 through 3.14.1, which stem...
PT-2020-15462 · Jenkins · Jenkins Database Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins database Plugin versions 1.6 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified database server using attacker-specified credentials. The vulnerability affects...