Lucene search
+L

630 matches found

OSV
OSV
added 2021/01/08 7:15 p.m.3 views

CVE-2020-5018

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654...

7.5CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2021/01/07 2:15 p.m.1 views

DEBIAN-CVE-2020-35111

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...

4.3CVSS6.5AI score0.01172EPSS
Exploits0References1
OSV
OSV
added 2021/01/04 10:15 p.m.3 views

CVE-2020-29498

Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The...

6.1CVSS5.9AI score0.01071EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/16 12:42 p.m.4 views

Mozilla: The proxy.onRequest API did not catch view-source URLs

The Mozilla Foundation Security Advisory describes this flaw as: When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have...

4.3CVSS7.3AI score0.01172EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/16 9:47 a.m.4 views

Mozilla: The proxy.onRequest API did not catch view-source URLs

The Mozilla Foundation Security Advisory describes this flaw as: When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have...

4.3CVSS7.3AI score0.01172EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/16 8:16 a.m.9 views

Mozilla: The proxy.onRequest API did not catch view-source URLs

The Mozilla Foundation Security Advisory describes this flaw as: When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have...

4.3CVSS7.3AI score0.01172EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/04 1:19 a.m.5 views

libreoffice: forms allowed to be submitted to any URI could result in local file overwrite

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5CVSS5.7AI score0.01712EPSS
Exploits0References4
CNVD
CNVD
added 2020/09/27 12:0 a.m.3 views

Observium Directory Traversal and Local File Inclusion Vulnerability

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a directory traversal and local file inclusion vulnerability. The vulnerability stems from the ability to load any file with the...

8.8CVSS6.8AI score0.03234EPSS
Exploits0References1
OSV
OSV
added 2020/08/29 9:15 p.m.1 views

DEBIAN-CVE-2020-24972

The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...

8.8CVSS8.7AI score0.04758EPSS
Exploits1References1
CNVD
CNVD
added 2020/07/28 12:0 a.m.6 views

Encode OSS Uvicorn Resource Management Error Vulnerability

Encode OSS Uvicorn is a British Encode OSS company based on uvloop and httptools build ASGI Web Server Gateway Interface server. Encode OSS Uvicorn suffers from a Resource Management Error vulnerability, which arises from mismanagement of system resources e.g., memory, disk space, files, etc. in ...

7.5CVSS6.8AI score0.01345EPSS
Exploits1References1
CNVD
CNVD
added 2020/07/02 12:0 a.m.4 views

Envoy Resource Management Error Vulnerability (CNVD-2020-51750)

Envoy is an open source distributed proxy server . A resource management error vulnerability exists in Envoy versions 1.14.2 and earlier, 1.13.2 and earlier, and 1.12.4 and earlier. An attacker can exploit the vulnerability by consuming large amounts of memory with requests with HTTP/1.1 headers...

7.5CVSS6.9AI score0.01448EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/01 6:46 p.m.7 views

envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names

An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this...

7.5CVSS7.1AI score0.01448EPSS
Exploits0References5
OSV
OSV
added 2020/06/08 4:15 p.m.1 views

DEBIAN-CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5CVSS6.2AI score0.01712EPSS
Exploits0References1
OSV
OSV
added 2020/06/08 4:15 p.m.5 views

UBUNTU-CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5CVSS6.3AI score0.01712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.6 views

keycloak: adapter endpoints are exposed via arbitrary URLs

It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...

4.3CVSS5.7AI score0.00717EPSS
Exploits0References4
OSV
OSV
added 2020/04/14 11:15 p.m.3 views

ALPINE-CVE-2020-5260

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...

7.5CVSS6.9AI score0.10047EPSS
Exploits2References1
OSV
OSV
added 2020/04/14 11:15 p.m.1 views

DEBIAN-CVE-2020-5260

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...

7.5CVSS7.2AI score0.10047EPSS
Exploits2References1
CNVD
CNVD
added 2020/04/08 12:0 a.m.3 views

Unspecified Vulnerability in Mozilla Firefox ESR (CNVD-2020-26233)

Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. An unspecified vulnerability exists in Mozilla Firefox ESR. An attacker could exploit the vulnerability to forge URLs...

4.7CVSS8.5AI score0.00744EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/07 12:0 a.m.5 views

Movable Type Cross-Site Scripting Vulnerability (CNVD-2020-04553)

Movable Type, or MT for short, is a weblog publishing system from California-based Six Apart, Inc. Movable Type suffers from a cross-site scripting vulnerability. A remote attacker can use this vulnerability to inject arbitrary web script or HTML into block editors and rich text editors via...

6.1CVSS6.1AI score0.00839EPSS
Exploits0References1
OSV
OSV
added 2020/02/04 5:15 p.m.5 views

CVE-2019-4562

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...

5.3CVSS6AI score0.00981EPSS
Exploits0References2
Rows per page
Query Builder