873 matches found

RedHat Linux
added 2023/06/23 5:44 p.m. | 21 views

jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin

A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker...

CVSS 4.3 | AI score 5.6 | EPSS 0.00368
Exploits: 0 | References: 5

CNVD
added 2023/05/31 12:0 a.m. | 22 views

WordPress Easy Google Maps plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Easy Google Maps plugin version 1.11.7 and earlier versions. The vulnerability stem...

CVSS 8.8 | AI score 6.4 | EPSS 0.00248
Exploits: 0 | References: 1

IBM Security Bulletins
added 2023/05/15 5:30 p.m. | 15 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details IBM X-Force ID: 239925 DESCRIPTION: Apollo GraphQL Apollo Server is vulnerable to web cache poisoning, caused by improper handling of cache-control response header. By modifying HTTP request headers, an...

AI score 6.5
Exploits: 0 | Affected Software: 1

OSV
added 2023/05/12 12:30 p.m. | 14 views

GHSA-6VCF-CFJP-QXCW LavaLite vulnerable to web cache poisoning

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

CVSS 9.8 | AI score 9.5 | EPSS 0.00866
Exploits: 0 | References: 4

Github Security Blog
added 2023/05/12 12:30 p.m. | 18 views

LavaLite vulnerable to web cache poisoning

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

CVSS 9.8 | AI score 6.5 | EPSS 0.00866
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2023/05/12 11:15 a.m. | 14 views

CVE-2023-27238

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

CVSS 9.8 | AI score 9.5 | EPSS 0.00866
Exploits: 0 | References: 2

OSV
added 2023/05/12 11:15 a.m. | 13 views

CVE-2023-27238

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

CVSS 9.8 | AI score 7.4 | EPSS 0.00866
Exploits: 0 | References: 2

Prion
added 2023/05/12 11:15 a.m. | 12 views

Design/Logic Flaw

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

CVSS 7.5 | AI score 9.5 | EPSS 0.00866
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/05/12 12:0 a.m. | 18 views

CVE-2023-27238

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

AI score 9.8 | EPSS 0.00866
Exploits: 0 | References: 2

Vulnrichment
added 2023/05/12 12:0 a.m. | 7 views

CVE-2023-27238

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...

AI score 9.6 | EPSS 0.00866
Exploits: 0 | References: 2

CVE
added 2023/05/12 12:0 a.m. | 43 views

CVE-2023-27238

CVE-2023-27238 affects LavaLite CMS v9.0.0, described in the provided documents as vulnerable to web cache poisoning. The materials do not specify the exact vulnerable component, root cause, affected configurations, or exploit details. Exploitation status is not described in the supplied document...

CVSS 9.8 | AI score 9.5 | EPSS 0.00866
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2023/05/03 4:27 p.m. | 63 views

Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)

Summary A vulnerability in libwww-perl could allow an attacker to poison web caches, bypass web application firewall protection, and conduct XSS attacks CVE-2022-31081. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2022-31081 DESCRIPTION: Libwww is vulnerab...

CVSS 7.3 | AI score 6.6 | EPSS 0.02108
Exploits: 1 | Affected Software: 2

IBM AIX
added 2023/05/03 9:23 a.m. | 116 views

AIX is vulnerable to HTTP request smuggling due to Perl

IBM SECURITY ADVISORY First Issued: Wed May 3 09:23:25 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory6.asc Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl CVE-2022-31081...

CVSS 7.3 | AI score 6.1 | EPSS 0.02108
Exploits: 1

F5 Networks
added 2023/02/21 6:19 p.m. | 386 views

K16828: Apache Tomcat vulnerability CVE-2005-2090

Security Advisory Description Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length...

CVSS 4.3 | AI score 6.3 | EPSS 0.29784
Exploits: 4

IBM Security Bulletins
added 2023/02/18 1:45 a.m. | 37 views

Security Bulletin: A cross-site request forgery vulnerability affects the IBM FlashSystem models 840 and 900 (CVE-2015-7446)

Summary There is a cross-site request forgery vulnerability to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow cross-site scripting attacks, Web cache poisoning, and other malicious activities. Vulnerability Details CVEID:...

CVSS 8.8 | AI score 8.7 | EPSS 0.00737
Exploits: 0 | Affected Software: 1

SUSE CVE
added 2023/02/15 6:19 a.m. | 5 views

SUSE CVE-2005-0095

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...

CVSS 5 | AI score 7 | EPSS 0.68776
Exploits: 1 | References: 6

SUSE CVE
added 2023/02/15 6:18 a.m. | 2 views

SUSE CVE-2005-2090

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

CVSS 4.3 | AI score 6.3 | EPSS 0.29784
Exploits: 4 | References: 7

SUSE CVE
added 2023/02/15 5:1 a.m. | 4 views

SUSE CVE-2016-5288

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...

CVSS 5.9 | AI score 6.1 | EPSS 0.01798
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:29 a.m. | 2 views

SUSE CVE-2018-7323

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing...

CVSS 5.3 | AI score 6.9 | EPSS 0.02454
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 3:52 a.m. | 4 views

SUSE CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

CVSS 6.8 | AI score 6.9 | EPSS 0.01837
Exploits: 1 | References: 5