7214 matches found
CVE-2022-2756
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1...
kavita code issue vulnerability
kavita is a fast, feature-rich, cross-platform reading server. A code issue vulnerability exists in kavita versions prior to 0.5.4.1. An attacker could exploit this vulnerability to perform server-side request forgery attacks...
IBM DataPower Gateway code issue vulnerability
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...
PT-2022-5432 · Cvat · Cvat
Name of the Vulnerable Software and Affected Versions: CVAT versions prior to 2.0.0 Description: The issue is related to insufficient validation of incoming requests, which can allow a remote attacker to perform a server-side request forgery (SSRF) attack. Validation has been added to URLs used in...
CVE-2022-36997
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read,...
Veritas NetBackup code issue vulnerability
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...
PT-2022-23742 · Veritas · Veritas Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions 8.1.x through 8.1.2 Veritas NetBackup version 8.2 Veritas NetBackup versions 8.3.x through 8.3.0.2 Veritas NetBackup versions 9.x through 9.0.0.1 Veritas NetBackup versions 9.1.x through 9.1.0.1 Description: An issu...
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in contex...
UBUNTU-CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in contex...
CVE-2022-22416
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force...
CVE-2022-35741
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...
CVE-2022-25801
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools...
CVE-2022-25800
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool...
Best Practical RT for Incident Response code issue vulnerability
Best Practical RT for Incident Response is an extension of Best Practical's RT. It provides pre-configured queues and workflows designed for incident response teams. A security vulnerability exists in Best Practical RT for Incident Response (RTIR), which stems from the fact that it allows an attack...
Best Practical RT for Incident Response code issue vulnerability
Best Practical RT for Incident Response is an extension of Best Practical's RT. It provides pre-configured queues and workflows designed for incident response teams. A security vulnerability exists in Best Practical RT for Incident Response (RTIR) that stems from a vulnerability that allows an...
PT-2022-21354 · Apache · Apache Jetspeed-2
Name of the Vulnerable Software and Affected Versions: Apache Jetspeed-2 affected versions not specified Description: The issue arises from insufficient filtering of untrusted user input by default, leading to problems such as XSS, CSRF, XXE, and SSRF. Setting the configuration option...
Apache Jetspeed-2 security vulnerability
Apache Jetspeed-2 is a very open and customizable portal platform from the Apache USA Foundation. Apache Jetspeed-2 suffers from an input validation error vulnerability that stems from Apache Jetspeed-2 failing to adequately filter untrusted user input by default, which can be exploited by an...
CVE-2022-25876
The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF), which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
PT-2022-3496 · Atlassian · Jira +2
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions 8.0.0 through 8.13.21 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.9 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.3 Jira Management Server and Data...