630 matches found
CVE-2020-5018
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654...
DEBIAN-CVE-2020-35111
When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...
CVE-2020-29498
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The...
Mozilla: The proxy.onRequest API did not catch view-source URLs
The Mozilla Foundation Security Advisory describes this flaw as: When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have...
Mozilla: The proxy.onRequest API did not catch view-source URLs
The Mozilla Foundation Security Advisory describes this flaw as: When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have...
Mozilla: The proxy.onRequest API did not catch view-source URLs
The Mozilla Foundation Security Advisory describes this flaw as: When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have...
libreoffice: forms allowed to be submitted to any URI could result in local file overwrite
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
Observium Directory Traversal and Local File Inclusion Vulnerability
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a directory traversal and local file inclusion vulnerability. The vulnerability stems from the ability to load any file with the...
DEBIAN-CVE-2020-24972
The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...
Encode OSS Uvicorn Resource Management Error Vulnerability
Encode OSS Uvicorn is a British Encode OSS company based on uvloop and httptools build ASGI Web Server Gateway Interface server. Encode OSS Uvicorn suffers from a Resource Management Error vulnerability, which arises from mismanagement of system resources e.g., memory, disk space, files, etc. in ...
Envoy Resource Management Error Vulnerability (CNVD-2020-51750)
Envoy is an open source distributed proxy server . A resource management error vulnerability exists in Envoy versions 1.14.2 and earlier, 1.13.2 and earlier, and 1.12.4 and earlier. An attacker can exploit the vulnerability by consuming large amounts of memory with requests with HTTP/1.1 headers...
envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names
An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this...
DEBIAN-CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
UBUNTU-CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
keycloak: adapter endpoints are exposed via arbitrary URLs
It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...
ALPINE-CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
DEBIAN-CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
Unspecified Vulnerability in Mozilla Firefox ESR (CNVD-2020-26233)
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. An unspecified vulnerability exists in Mozilla Firefox ESR. An attacker could exploit the vulnerability to forge URLs...
Movable Type Cross-Site Scripting Vulnerability (CNVD-2020-04553)
Movable Type, or MT for short, is a weblog publishing system from California-based Six Apart, Inc. Movable Type suffers from a cross-site scripting vulnerability. A remote attacker can use this vulnerability to inject arbitrary web script or HTML into block editors and rich text editors via...
CVE-2019-4562
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...