Lucene search
K

67 matches found

RedhatCVE
RedhatCVE
added 2021/08/31 6:5 p.m.30 views

CVE-2021-40330

A flaw was found in git where it allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. The highest threat from this vulnerability is to confidentiality...

7.5CVSS2.1AI score0.03074EPSS
Exploits1References3
Prion
Prion
added 2021/08/31 4:15 a.m.18 views

Design/Logic Flaw

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

5CVSS7.3AI score0.03074EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/08/31 4:15 a.m.4 views

CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

7.5CVSS5.8AI score0.03074EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/08/31 4:15 a.m.30 views

CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

7.5CVSS7.1AI score0.03074EPSS
Exploits1References3
OSV
OSV
added 2021/08/31 4:15 a.m.4 views

UBUNTU-CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

7.5CVSS7.1AI score0.03074EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/08/31 12:0 a.m.37 views

CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

7.7AI score0.03074EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.20 views

Git 处理逻辑错误漏洞

Git is a free, open source distributed version control system. Git suffers from a Processing Logic Error vulnerability that stems from the fact that gitconnectgit in connect.c in Git prior to version 2.30.1 allows repository paths to contain line breaks, which can lead to unexpected cross-protoco...

7.5CVSS7.9AI score0.03074EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2021/08/31 12:0 a.m.34 views

CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

7.5CVSS7.4AI score0.03074EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/08/31 12:0 a.m.45 views

CVE-2021-40330

gitconnectgit in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...

7.5CVSS7.6AI score0.03074EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.6 views

Actix-http 环境问题漏洞

Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...

7.5CVSS7.3AI score0.0181EPSS
Exploits1References4
Cloud Foundry
Cloud Foundry
added 2021/06/11 12:0 a.m.41 views

USN-4966-1: libx11 vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests. CVEs contained in th...

9.8CVSS7.3AI score0.10634EPSS
Exploits2Affected Software2
OSV
OSV
added 2021/05/25 7:2 p.m.4 views

USN-4966-2 libx11 vulnerability

USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick...

9.8CVSS6.9AI score0.10634EPSS
Exploits2References2
Ubuntu
Ubuntu
added 2021/05/25 5:0 p.m.245 views

USN-4966-1: libx11 vulnerability

It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...

9.8CVSS7.5AI score0.10634EPSS
Exploits2
OSV
OSV
added 2021/05/25 5:0 p.m.7 views

USN-4966-1 libx11 vulnerability

It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...

9.8CVSS6.9AI score0.10634EPSS
Exploits2References2
OSV
OSV
added 2021/05/23 1:30 a.m.5 views

MGASA-2021-0219 Updated libx11 packages fix a security vulnerability

XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...

9.8CVSS9.4AI score0.10634EPSS
Exploits2References5
FreeBSD
FreeBSD
added 2021/05/11 12:0 a.m.27 views

libX11 -- Arbitrary code execution

The X.org project reports: XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the...

9.8CVSS6.4AI score0.10634EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/01/07 12:0 a.m.7 views

PT-2021-8149 · Git +5 · Git +5

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.30.1 Description: The issue is related to the git connect git function in the connect.c component of the Git distributed version control system. It allows a repository path to contain a newline character, which may...

9.8CVSS6.8AI score0.88644EPSS
Exploits12References74
BDU FSTEC
BDU FSTEC
added 2019/02/21 12:0 a.m.8 views

The vulnerability of the WLS component – the deployment server of Oracle WebLogic Server – allows a perpetrator to modify protected data.

The vulnerability of the WLS component – the deployment of Oracle WebLogic Server applications – is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to remotely gain access to modify, add, or delete protected data through HTTP requests...

4.3CVSS5.8AI score0.00917EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/01/10 12:0 a.m.4 views

SAP HANA Information Disclosure Vulnerability (CNVD-2018-03088)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. An information disclosure vulnerability exists in SAP HANA. A remote attacker can exploit this...

5.3CVSS6.3AI score0.01584EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2017/06/14 12:0 a.m.31 views

Siemens SIPROTEC Denial of Service (CVE-2015-5374)

A vulnerability exists in Siemens SIPROTEC. This vulnerability, aka Crash Override or Industroyer, is due to the way SIPROTEC handles certain malformed protocol requests. A successful attack can lead to a denial of service...

7.8CVSS2.3AI score0.74323EPSS
Exploits7
Rows per page
Query Builder