53 matches found

Source: CVE
added 2025/01/14 7:33 p.m. | 1737 views

CVE-2024-53263

Git LFS (Git Large File Storage) is affected by CVE-2024-53263. The vulnerability arises when Git LFS requests credentials from Git for a remote host and passes portions of the host URL to git-credential(1) without sanitizing embedded line-ending control characters. An attacker could insert URL-e...

CVSS 8.5 | AI score 6.7 | EPSS 0.0104
Exploits: 0 | References: 4

Source: OSV
added 2024/07/19 7:59 p.m. | 32 views

GHSA-RWCJ-7JJP-4W38 [PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`

Impact APIURLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. References ISSUE PATCH...

CVSS 3.8 | AI score 6.3 | EPSS 0.0027
Exploits: 0 | References: 6

Source: Tenable Nessus
added 2024/06/03 12:00 a.m. | 18 views

RHEL 6 : kdelibs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: prints passwords contained in HTTP URLs in error messages CVE-2013-2074 - kf5-kio, kdelibs:...

CVSS 5.5 | AI score 6.3 | EPSS 0.0198
Exploits: 0 | References: 2

Source: The Hacker News
added 2023/09/19 12:35 p.m. | 44 views

ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies

Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers an...

AI score 7.3
Exploits: 0

Source: Veracode
added 2023/03/07 12:49 a.m. | 25 views

Cross-site Scripting (XSS)

jenkins-2-plugins is vulnerable to Cross-site Scripting XSS attacks. The library converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.2 | EPSS 0.00617
Exploits: 0 | References: 6 | Affected Software: 1

Source: Prion
added 2022/11/15 8:15 p.m. | 30 views

Cross site scripting

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVSS 4.9 | AI score 5.2 | EPSS 0.00617
Exploits: 0 | References: 2 | Affected Software: 1

Source: AlpineLinux
added 2022/11/15 12:00 a.m. | 31 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 0.2 | EPSS 0.00617
Exploits: 0 | References: 2

Source: Microsoft CVE
added 2022/11/09 8:00 a.m. | 4 views

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL it sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict gopher gophers ldap ldaps rtmp rtmps or telnet. The earliest affected version is 7.77.0.

...

CVSS 8.1 | AI score 7.4 | EPSS 0.02927
Exploits: 0

Source: OSV
added 2022/10/29 8:15 p.m. | 1 views

DEBIAN-CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

CVSS 8.1 | AI score 7.3 | EPSS 0.02927
Exploits: 0 | References: 1

Source: curl security advisories
added 2022/10/26 8:00 a.m. | 6 views

HTTP proxy double free

If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of protocol through. An HTTP proxy might refuse this request HTTP proxies often only allow outgoing...

CVSS 8.1 | AI score 7.2 | EPSS 0.02927
Exploits: 0 | References: 1 | Affected Software: 2

Source: OSV
added 2022/09/16 12:00 a.m. | 51 views

GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

CVSS 6.1 | AI score 6.3 | EPSS 0.00586
Exploits: 1 | References: 4

Source: Cvelist
added 2022/06/30 5:47 p.m. | 25 views

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...

AI score 5.2 | EPSS 0.00537
Exploits: 0 | References: 1

Source: OSV
added 2022/06/29 11:15 a.m. | 21 views

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVSS 4.3 | AI score 6.7
Exploits: 0 | References: 2

Source: NVD
added 2022/06/29 11:15 a.m. | 12 views

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVSS 4.3 | EPSS 0.00485
Exploits: 0 | References: 2

Source: Cvelist
added 2022/06/29 10:25 a.m. | 19 views

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

AI score 4.8 | EPSS 0.00485
Exploits: 0 | References: 2

Source: Github Security Blog
added 2022/05/24 7:10 p.m. | 25 views

Obsidian does not require user confirmation for non-http/https URLs.

Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...

CVSS 9.8 | AI score 9.6 | EPSS 0.01225
Exploits: 0 | References: 3 | Affected Software: 1

Source: OSV
added 2022/05/24 4:44 p.m. | 22 views

GHSA-27J5-2H6R-C9Q2 OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 7.4 | AI score 7.7 | EPSS 0.01198
Exploits: 1 | References: 5

Source: Github Security Blog
added 2022/05/24 4:44 p.m. | 27 views

OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 8.1 | EPSS 0.01198
Exploits: 1 | References: 5 | Affected Software: 1

Source: Huntr
added 2022/03/14 10:17 a.m. | 12 views

? before the @ sign allows one to bypass whitelists

Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require('parse-url') const http = require('http') const url = parse("http://[email protected]") if...

AI score 1
Exploits: 0

Source: Huntr
added 2021/09/01 12:30 a.m. | 14 views

Command Injection in yogeshojha/rengine

✍️ Description RCE via the proxy feature of Rengine. Proxies can be added in Rengine for executables like httpx to use in a scan. This functionality can be used to inject a command and run arbitrary code. 🕵️‍♂️ Proof of Concept Add this as the only proxy in the proxy list in the Proxy settings:...

AI score 0.8
Exploits: 0