801 matches found
CVE-2022-4130
CVE-2022-4130 is a documented vulnerability in Red Hat Satellite 6, described as a blind SSRF via the Referer header in Satellite server HTTP requests. The issue can trigger an external interaction from the server to an attacker-controlled endpoint when specific resources are requested and the Re...
CVE-2022-4130
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...
Red Hat Satellite Security Vulnerability
Red Hat Satellite is a system management platform from Red Hat. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite, which stems from the fact...
CVE-2022-46355
A vulnerability has been identified in SCALANCE X204RNA HSR (All versions < V3.2.7), SCALANCE X204RNA PRP (All versions < V3.2.7), SCALANCE X204RNA EEC HSR (All versions < V3.2.7), SCALANCE X204RNA EEC PRP (All versions < V3.2.7), SCALANCE X204RNA EEC PRP/HSR (All versions < V3.2.7). The affected products are...
PT-2022-27838 · Siemens · Scalance X204Rna +1
Name of the Vulnerable Software and Affected Versions: SCALANCE X204RNA HSR versions prior to V3.2.7; SCALANCE X204RNA PRP versions prior to V3.2.7; SCALANCE X204RNA EEC HSR versions prior to V3.2.7; SCALANCE X204RNA EEC PRP versions prior to V3.2.7; SCALANCE X204RNA EEC PRP/HSR versions prior to...
The vulnerability of the Mozilla Firefox browser, related to HTTP request processing flaws, allows attackers to circumvent existing security restrictions and disclose sensitive information.
The vulnerability of the Mozilla Firefox browser is related to HTTP request processing flaws. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and disclose sensitive information using the HTTP referer header...
GHSA-VWXV-FRJ6-FHC9 OMERO-web Sensitive Data Exposure
OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
OMERO-web Sensitive Data Exposure
OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
CVE-2022-23067
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...
Design/Logic Flaw
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...
CVE-2022-23067 ToolJet - Token Leakage via Referer Header
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...
CVE-2022-23067
The CVE-2022-23067 entry applies to ToolJet versions v0.5.0–v1.2.2, where a token leakage vulnerability via the Referer header can lead to account takeover. According to the provided sources, if a user opens an invite/signup link and then clicks external links, the password/signup token is expose...
Insertion of Sensitive Information Into Sent Data
Overview: phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Transformation implementation in libraries/Header.php. Due to the lack of a 'no-referrer' content security policy,...
GHSA-2HW2-H3MF-C2J9 Moodle open redirect vulnerability
Open redirect vulnerability in the cleanparam function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...
CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that us...
Brave Information Disclosure Vulnerability
Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave versions prior to 1.34 that stems from .onion URLs leaking in the Referer and Origin headers when using a private window with a Tor connection...