Lucene search
+L

218 matches found

vulnersOsv
vulnersOsv
added 2022/05/13 1:30 a.m.5 views

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5323 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)

org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5323 Source advisory: OSV:GHSA-X4M5-J4X4-4WJG...

6.5CVSS7.2AI score0.01491EPSS
Exploits0
Veracode
Veracode
added 2022/04/25 4:22 a.m.5 views

Denial Of Service (DoS)

Yarp.ReverseProxy is vulnerable to denial of service. The vulnerability exists due to the attribute request failure before determining a destination's health in the RequestProxied function of TransportFailureRateHealthPolicy.cs, allowing an attacker to cause an application crash...

7.5CVSS6.4AI score0.03191EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/04/20 12:0 a.m.63 views

GHSA-Q6H7-4QGW-2J9P Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery SSRF. This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS7.5AI score0.08676EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/04/20 12:0 a.m.95 views

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery SSRF. This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS7.3AI score0.08676EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/19 4:17 p.m.1 views

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS5.8AI score0.08676EPSS
Exploits0References9
NVD
NVD
added 2022/04/19 4:17 p.m.18 views

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS0.08676EPSS
Exploits0References6
OSV
OSV
added 2022/04/19 4:17 p.m.1 views

DEBIAN-CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS6.7AI score0.08676EPSS
Exploits0References1
OSV
OSV
added 2022/04/19 4:17 p.m.3 views

UBUNTU-CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS6.8AI score0.08676EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/04/19 12:0 a.m.4 views

PT-2022-19418 · Hashicorp +3 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.9.16 and earlier, 1.10.9 and earlier, 1.11.4 and earlier Description: A server-side request forgery issue may occur when the Consul client agent follows redirects returned by HTTP health check...

8.8CVSS6AI score0.3479EPSS
Exploits3References60
Cvelist
Cvelist
added 2022/04/19 12:0 a.m.42 views

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.8AI score0.08676EPSS
Exploits0References6
OSV
OSV
added 2022/04/19 12:0 a.m.47 views

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS7.5AI score0.08676EPSS
Exploits0References8
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2022/04/15 3:29 p.m.7 views

Consul’s HTTP Health Check May Allow Server Side Request Forgery

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery SSRF. This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS6.8AI score0.08676EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2021/12/17 12:0 a.m.20 views

Trend Micro Security Backlink Vulnerability (CNVD-2021-103666)

Trend Micro Security is a suite of computer security software from Trend Micro, Inc. Trend Micro Security has a backlink vulnerability that stems from a link tracking issue in the PC Health Check feature. An attacker could exploit the vulnerability to cause a denial of service attack...

7.1CVSS2.6AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.6 views

Trend Micro Security 后置链接漏洞

Trend Micro Security is a suite of computer security software from Trend Micro, Inc. Trend Micro Security has a backlink vulnerability that stems from a link tracking issue in the PC Health Check feature. An attacker could exploit the vulnerability to cause a denial of service attack...

7.1CVSS5.6AI score0.00408EPSS
Exploits0References5
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.32 views

VMware vCenter Server Improper Input Validation Vulnerability

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...

10CVSS9.4AI score0.99999EPSS
In wildExploits13
0day.today
0day.today
added 2021/07/16 12:0 a.m.621 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

9.8CVSS0.7AI score0.99999EPSS
Exploits13
Packet Storm
Packet Storm
added 2021/07/13 12:0 a.m.1030 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Virtual SAN Health Check Plugin RCE', 'Description' = %q This module exploits Java unsafe reflection and SSRF in the VMware...

10CVSS0.5AI score0.99999EPSS
Exploits13
VulnCheck KEV
VulnCheck KEV
added 2021/06/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-21985

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...

10CVSS7.7AI score0.99999EPSS
Exploits13References1
OSV
OSV
added 2021/05/26 3:15 p.m.6 views

CVE-2021-21986

The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...

9.8CVSS7.5AI score0.12918EPSS
Exploits0References2
OSV
OSV
added 2021/05/26 3:15 p.m.5 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

9.8CVSS8.1AI score0.99999EPSS
Exploits13References4
Rows per page
Query Builder