Lucene search

1138 matches found

CVE
added 2024/03/01 3:40 p.m. · 92 views

CVE-2024-27140

Apache Archiva is affected by a Cross-site Scripting (XSS) issue described as Improper Neutralization of Input During Web Page Generation. The vulnerability affects Archiva versions 2.0.0 and later, with the project stated as retired and no plan for a fix. Practical impact is an XSS risk in web p...

CVSS 5.4 · AI score 5.3 · EPSS 0.06229
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/03/01 12:0 a.m. · 2 views

PT-2024-21671 · Apache · Apache Archiva

Name of the Vulnerable Software and Affected Versions: Apache Archiva versions 2.0.0 and later
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This affects Apache Archiva, a product that is no longer supported b...

CVSS 5.4 · AI score 5.2 · EPSS 0.06229
Exploits: 0 · References: 13

Tenable Nessus
added 2024/02/29 12:0 a.m. · 46 views

CentOS 9 : curl-7.76.1-22.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-22.el9 build changelog. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

CVSS 5.9 · AI score 6.7 · EPSS 0.00104
Exploits: 1 · References: 2

GithubExploit
added 2024/02/26 2:34 a.m. · 317 views

Exploit for Injection in Atlassian Confluence_Data_Center

Project Introduction This project refers to the project of B...

CVSS 10 · AI score 7.5 · EPSS 0.94354
Exploits: 31

NVD
added 2024/02/13 7:15 p.m. · 8 views

CVE-2024-1359

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVSS 9.1 · AI score 9.6 · EPSS 0.00584
Exploits: 0 · References: 4

OSV
added 2024/02/13 7:15 p.m. · 2 views

CVE-2024-1359

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVSS 9.1 · AI score 5.8 · EPSS 0.00584
Exploits: 0 · References: 4

Prion
added 2024/02/13 7:15 p.m. · 9 views

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVSS 5.8 · AI score 7.8 · EPSS 0.00584
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2024/02/13 6:52 p.m. · 82 views

CVE-2024-1359

Summary: CVE-2024-1359 is a command injection vulnerability in GitHub Enterprise Server that allowed an attacker with the Management Console’s editor role to escalate to admin/root SSH access when configuring an HTTP proxy. Affected products/versions: all GitHub Enterprise Server versions prior t...

CVSS 9.1 · AI score 9.4 · EPSS 0.00584
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/02/13 6:52 p.m. · 16 views

CVE-2024-1359 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVSS 9.1 · AI score 9.7 · EPSS 0.00584
Exploits: 0 · References: 4

Hacker One
added 2024/01/18 10:11 a.m. · 11 views

GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in ghe-update-check

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. This vulnerability affected all versions of GitHub Enterprise Server prior t...

CVSS 9.1 · AI score 9.6 · EPSS 0.00584
Exploits: 0

Chainguard
added 2024/01/02 6:30 a.m. · 21 views

GHSA-JCHW-25XP-JWWC vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, configurable-http-proxy, kibana, opensearch-dashboards, lerna, kubeflow-centraldashboard, opensearch-dashboards-fips...

AI score 5.8
Exploits: 0

Wolfi
added 2024/01/02 6:30 a.m. · 34 views

GHSA-JCHW-25XP-JWWC vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, configurable-http-proxy, lerna, kubeflow-pipelines, kubeflow-centraldashboard...

AI score 5.8
Exploits: 0

Chainguard
added 2024/01/02 5:15 a.m. · 43 views

CVE-2023-26159 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, configurable-http-proxy, kibana, opensearch-dashboards, lerna, kubeflow-centraldashboard, opensearch-dashboards-fips...

CVSS 7.3 · AI score 6.7 · EPSS 0.00103
Exploits: 1

Wolfi
added 2024/01/02 5:15 a.m. · 53 views

CVE-2023-26159 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, configurable-http-proxy, lerna, kubeflow-pipelines, kubeflow-centraldashboard...

CVSS 7.3 · AI score 6.7 · EPSS 0.00103
Exploits: 1

GithubExploit
added 2023/12/29 9:10 p.m. · 580 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

SSRF Vulnerability Exploit for Request-Baskets CVE-2023-27163...

CVSS 6.5 · AI score 6.3 · EPSS 0.9332
Exploits: 29

Tenable Nessus
added 2023/12/22 12:0 a.m. · 86 views

CentOS 7 : curl (RHSA-2023:7743)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can...

CVSS 5.9 · AI score 6.7 · EPSS 0.00104
Exploits: 1 · References: 2

Tenable Nessus
added 2023/12/14 12:0 a.m. · 53 views

Oracle Linux 7 : curl (ELSA-2023-7743)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7743 advisory. - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 Orabug: 30568724 - CVE-2016-8615 cookie injection for...

CVSS 9.8 · AI score 7 · EPSS 0.09715
Exploits: 1 · References: 2

RedHat Linux
added 2023/12/12 4:27 p.m. · 40 views

Low: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 5.9 · AI score 6.7 · EPSS 0.00104
Exploits: 1 · References: 2

Tenable Nessus
added 2023/12/12 12:0 a.m. · 42 views

RHEL 7 : curl (RHSA-2023:7743)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...

CVSS 5.9 · AI score 6.8 · EPSS 0.00104
Exploits: 1 · References: 5

Oracle linux
added 2023/12/12 12:0 a.m. · 375 views

curl security update

7.29.0-59.0.3.el79.2 - load CA certificates even with --insecure Orabug: 32836997 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers...

CVSS 9.8 · AI score 8.3 · EPSS 0.09715
Exploits: 1