727 matches found
Input validation
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...
CVE-2022-3573
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...
CVE-2022-3573
Removed by vendor...
CVE-2022-3573
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...
CVE-2022-38756
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies...
PT-2022-24554 · Micro Focus · Micro Focus Groupwise Web
Name of the Vulnerable Software and Affected Versions: Micro Focus GroupWise Web versions prior to 18.4.2 Description: A vulnerability has been identified in the GW Web component, which makes a request to the Post Office Agent containing sensitive information in the query parameters. This sensiti...
CVE-2022-38756 CVE-2022-38756 vulnerability in GW Web prior to 18.4.2
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies...
Micro Focus GroupWise 日志信息泄露漏洞
Micro Focus GroupWise is a complete collaboration software solution from Micro Focus UK. Providing email, calendaring and instant messaging for today's mobile world. A security vulnerability exists in Micro Focus GroupWise Web prior to version 18.4.2, which originates when the GW Web component...
Remote Code Execution (RCE)
pgadmin4 is vulnerable to remote code execution. The vulnerability exists in validatebinarypath function of init.py due to lack of validation of the binary path which allows an attacker to inject and execute malicious query parameters via the pgAdmin server...
Remote Code Execution (RCE)
sysstat is vulnerable to remote code execution. The vulnerability exists in allocatestructures function of sacommon.c due to insufficiently checks bounds before arithmetic multiplication which allows an attacker to inject and execute malicious query parameters...
PT-2022-27768 · Querybook · Querybook
Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.14.2 Description: The issue concerns Querybook, an open source data querying UI. In affected versions, user-provided data is not escaped in the error field of the auth callback URL in...
Remote Code Execution (RCE)
quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions due to drive-by localhost attacks which allows an attacker to inject and execute malicious query parameters via the Dev UI Config Editor...
DEBIAN-CVE-2022-36180
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting XSS via /fusiondirectory/index.php?message=injection, /fusiondirectory/index.php?message=invalidparameter&plug=Injection, /fusiondirectory/index.php?signout=1&message=injection&plug=106...
Remote Code Execution (RCE)
linkis-entrance is vulnerable to remote code execution. The vulnerability exists in the onProgressUpdate function of QueryPersistenceManager.java, allowing an attacker to inject and execute malicious query parameters when an attacker has write access to the database and configures a JDBC EC with ...
Esri ArcGIS Server 输入验证错误漏洞
Esri ArcGIS Server is a web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute Esri. An input validation error vulnerability exists in Esri ArcGIS Server version 10.9.1 and earlier, which stems from an unauthenticated...
OESA-2022-2004 golang security update
The Go Programming Language Security Fixes: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum si...
Incorrect sanitization of forwarded query parameters in net/http/httputil
...
MGASA-2022-0377 Updated golang packages fix security vulnerability
regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880...
CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...
CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...