73 matches found
CVE-2025-24472
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...
VulnCheck KEV: CVE-2025-24472
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...
DEBIAN-CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...
nuxt-api-party Code Issues Vulnerabilities
nuxt-api-party is an open source module by Johann Schopplich Individual Developer for proxying API requests. A code issue vulnerability exists in nuxt-api-party version 0.21.3 and later, which stems from allowing a user to abuse the retry logic, causing the server to crash due to a stack overflow...
CVE-2023-46853
An off-by-one error was found in Memcached. This issue occurs when processing proxy requests in proxy mode if \n is used instead of \r\n. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ea...
AZL-34977 CVE-2023-46853 affecting package memcached for versions less than 1.6.27-1
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...
Code injection
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...
CVE-2023-46853
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...
Information Disclosure
github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the initContextWithJWT function of authjwt.go because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests...
GHSA-JH36-Q97C-9928 Kubernetes vulnerable to validation bypass
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
Input validation
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
Oracle Linux 8 : kubernetes (ELSA-2022-10034)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10034 advisory. - Addresses CVE-2022-3294 & CVE-2022-3162 - Addresses CVE-2022-3172 olcne - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 - Resolv...
Oracle Linux 7 : kubernetes (ELSA-2022-10035)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...
PT-2022-23765 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 through 9.0 Description: An issue was discovered in ProxyServlet.java in the /proxy servlet. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The...
GHSA-M4J5-HGQQ-5JF2 Insecure cookie sharing in Hawtio
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...
Zimbra Collaboration Suite 代码问题漏洞
Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A code issue vulnerability exists in Zimbra Collaboration Suite versions prior to 8.8.15 Patch 23 and 9.0.0 Patch 16, which stems from the value o...
Authorization Bypass
solr-core is vulnerable to authorization bypass. The vulnerability exists when using the default RuleBasedAuthorizationPlugin, which allows a node to proxy requests without the need for authorization...