Lucene search
K

73 matches found

OSV
OSV
added 2025/02/11 5:15 p.m.6 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

8.1CVSS5.8AI score0.03092EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-24472

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...

8.1CVSS5.8AI score0.03092EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 8:15 a.m.2 views

DEBIAN-CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

8.8CVSS7.7AI score0.00667EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/09 12:0 a.m.4 views

nuxt-api-party Code Issues Vulnerabilities

nuxt-api-party is an open source module by Johann Schopplich Individual Developer for proxying API requests. A code issue vulnerability exists in nuxt-api-party version 0.21.3 and later, which stems from allowing a user to abuse the retry logic, causing the server to crash due to a stack overflow...

7.5CVSS7.1AI score0.00804EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/10/30 11:28 a.m.36 views

CVE-2023-46853

An off-by-one error was found in Memcached. This issue occurs when processing proxy requests in proxy mode if \n is used instead of \r\n. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ea...

9.8CVSS9.2AI score0.00756EPSS
Exploits0References3
OSV
OSV
added 2023/10/27 8:15 p.m.9 views

AZL-34977 CVE-2023-46853 affecting package memcached for versions less than 1.6.27-1

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...

9.8CVSS7.4AI score0.00756EPSS
Exploits0References1
Prion
Prion
added 2023/10/27 8:15 p.m.23 views

Code injection

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...

7.5CVSS9.3AI score0.00756EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/10/27 8:15 p.m.25 views

CVE-2023-46853

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...

9.8CVSS7.2AI score0.00756EPSS
Exploits0References2
Veracode
Veracode
added 2023/05/02 4:31 a.m.64 views

Information Disclosure

github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the initContextWithJWT function of authjwt.go because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests...

7.5CVSS7.2AI score0.01504EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2023/03/01 9:30 p.m.26 views

GHSA-JH36-Q97C-9928 Kubernetes vulnerable to validation bypass

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8CVSS7.2AI score0.01618EPSS
Exploits0References5
NVD
NVD
added 2023/03/01 7:15 p.m.26 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8CVSS7.3AI score0.01618EPSS
Exploits0References3
Prion
Prion
added 2023/03/01 7:15 p.m.16 views

Input validation

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

6.5CVSS8.4AI score0.01618EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/01 7:15 p.m.30 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8CVSS6.9AI score0.01618EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/11/29 12:0 a.m.40 views

Oracle Linux 8 : kubernetes (ELSA-2022-10034)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10034 advisory. - Addresses CVE-2022-3294 & CVE-2022-3162 - Addresses CVE-2022-3172 olcne - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 - Resolv...

10CVSS6.9AI score0.02701EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/11/29 12:0 a.m.42 views

Oracle Linux 7 : kubernetes (ELSA-2022-10035)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...

10CVSS6.9AI score0.02701EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/08/11 12:0 a.m.6 views

PT-2022-23765 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 through 9.0 Description: An issue was discovered in ProxyServlet.java in the /proxy servlet. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The...

7.5CVSS7.3AI score0.0053EPSS
Exploits0References6
OSV
OSV
added 2022/05/13 1:36 a.m.23 views

GHSA-M4J5-HGQQ-5JF2 Insecure cookie sharing in Hawtio

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

9CVSS8.9AI score0.00926EPSS
Exploits0References5
Prion
Prion
added 2021/11/24 4:15 p.m.19 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...

5CVSS7.5AI score0.01367EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2021/07/02 12:0 a.m.4 views

Zimbra Collaboration Suite 代码问题漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A code issue vulnerability exists in Zimbra Collaboration Suite versions prior to 8.8.15 Patch 23 and 9.0.0 Patch 16, which stems from the value o...

9.8CVSS8AI score0.0297EPSS
Exploits1References6
Veracode
Veracode
added 2019/04/25 7:9 a.m.20 views

Authorization Bypass

solr-core is vulnerable to authorization bypass. The vulnerability exists when using the default RuleBasedAuthorizationPlugin, which allows a node to proxy requests without the need for authorization...

4.3CVSS4.8AI score0.0202EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder