Lucene search
K

675 matches found

BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.6 views

The vulnerability of the HTTP proxy server of the Grafana data visualization web tool allows attackers to perform cross-site scripting attacks.

The vulnerability of the HTTP proxy server of the Grafana data visualization tool is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created malicious HTML page...

6.8CVSS6.6AI score0.02359EPSS
Exploits1References9Affected Software8
RedHat Linux
RedHat Linux
added 2023/05/09 9:51 a.m.4 views

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

5.9CVSS7.1AI score0.02511EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.25 views

Debian: Security Advisory (DLA-763-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.06766EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-5273

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound...

2.6CVSS6.7AI score0.02678EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1469

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper...

4.3CVSS6.6AI score0.04316EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.3 views

SUSE CVE-2015-1229

net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5CVSS8.9AI score0.00949EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.6 views

SUSE CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9CVSS6.2AI score0.01521EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11070

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...

6.5CVSS6.9AI score0.03232EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.1 views

SUSE CVE-2022-43552

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

5.6CVSS8AI score0.02511EPSS
Exploits1References86
OSV
OSV
added 2023/02/09 8:15 p.m.7 views

AZL-13289 CVE-2022-43552 affecting package rust for versions less than 1.72.0-2

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

5.9CVSS6.7AI score0.02511EPSS
Exploits1References1
OSV
OSV
added 2023/02/09 8:15 p.m.5 views

AZL-13280 CVE-2022-43552 affecting package cmake for versions less than 3.21.4-13

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

5.9CVSS6.7AI score0.02511EPSS
Exploits1References1
OSV
OSV
added 2023/02/09 8:15 p.m.3 views

ALPINE-CVE-2022-43552

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

5.9CVSS7.1AI score0.02511EPSS
Exploits1References1
NVD
NVD
added 2023/01/27 11:15 p.m.18 views

CVE-2022-39324

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

6.7CVSS6.4AI score0.00828EPSS
Exploits0References6
Prion
Prion
added 2023/01/27 11:15 p.m.39 views

Open redirect

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

3.5CVSS5.9AI score0.00828EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/01/27 10:42 p.m.898 views

CVE-2022-39324

Grafana prior to versions 8.5.16 and 9.2.8 is affected by CVE-2022-39324, where a malicious user can craft a snapshot URL to mislead other users via an attacker-injected originalUrl. The vulnerability arises from a web proxy-related query editing, causing the Open original dashboard button to poi...

6.7CVSS4.9AI score0.00828EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/27 10:42 p.m.15 views

CVE-2022-39324 Grafana vulnerable to spoofing originalUrl of snapshots

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

6.7CVSS6.4AI score0.00828EPSS
Exploits0References5
Huntr
Huntr
added 2022/12/21 1:27 a.m.21 views

A user can update information / password from other users

Description A user neither admin nor host can modify nickname, username and email from other users without permission, being a normal user. Steps to Reproduce 1. Login as user A here, called "ileana.maricel", HOST role. 2. In another browser login as user B called "ileana.mariceel", USER role. Co...

6.5CVSS0.00741EPSS
Exploits1References1
Prion
Prion
added 2022/12/08 11:15 p.m.22 views

Cross site scripting

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

4.9CVSS5.2AI score0.00351EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/08 10:14 p.m.30 views

CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

5.4CVSS5.4AI score0.00351EPSS
Exploits0References2
OSV
OSV
added 2022/12/08 10:14 p.m.26 views

CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

5.4CVSS5AI score0.00351EPSS
Exploits0References4
Rows per page
Query Builder