Lucene search

676 matches found

OSV, added 2022/12/08 10:14 p.m., 27 views

CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

CVSS 5.4 | AI score 5 | EPSS 0.00351
Exploits: 0 | References: 4

Kitploit, added 2022/11/22 11:30 a.m., 29 views

Stegowiper - A Powerful And Flexible Tool To Apply Active Attacks For Disrupting Stegomalware

Over the last 10 years, many threat groups have employed stegomalware or other steganography-based techniques to attack organizations from all sectors and in all regions of the world. Some examples are: APT15/Vixen Panda, APT23/Tropic Trooper, APT29/Cozy Bear, APT32/OceanLotus, APT34/OilRig,...

AI score 7.4
Exploits: 0 | References: 5

OSV, added 2022/10/29 8:15 p.m., 6 views

AZL-11368 CVE-2022-42915 affecting package curl for versions less than 7.86.0-1

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

CVSS 8.1 | AI score 6.8 | EPSS 0.02927
Exploits: 0 | References: 1

OSV, added 2022/10/26 7:00 a.m., 0 views

UBUNTU-CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

CVSS 8.1 | AI score 6.8 | EPSS 0.02927
Exploits: 0 | References: 4

Debian, added 2022/10/12 7:31 p.m., 37 views

[SECURITY] [DLA 3151-1] squid security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3151-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 13, 2022 https://wiki.debian.org/LTS -...

CVSS 8.6 | AI score 9 | EPSS 0.0282
Exploits: 0

RedhatCVE, added 2022/06/24 6:05 a.m., 47 views

CVE-2021-46784

A vulnerability was found in squid Web proxy cache server. This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash if it receives specially crafted network traffic, either by mistake or a malicious acto...

CVSS 7.5 | AI score 3.9 | EPSS 0.0362
Exploits: 0 | References: 4

NVD, added 2022/06/01 6:15 p.m., 29 views

CVE-2022-24848

DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...

CVSS 8.8 | EPSS 0.01064
Exploits: 0 | References: 4

OSV, added 2022/06/01 5:20 p.m., 27 views

CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association

DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...

CVSS 8.8 | AI score 8.7 | EPSS 0.01064
Exploits: 0 | References: 6

Cvelist, added 2022/06/01 5:20 p.m., 33 views

CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association

DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...

CVSS 8.8 | AI score 9.1 | EPSS 0.01064
Exploits: 0 | References: 4

Tenable Nessus, added 2022/05/27 12:00 a.m., 42 views

Fortinet FortiOS Sensitive Information Disclosure (FG-IR-21-231)

A server-generated error message containing sensitive information in Fortinet FortiOS versions prior to 6.0, 6.2 to 6.2.10, 6.4 to 6.4.9 and 7.0 to 7.0.3 allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP stat...

CVSS 4.3 | AI score 5.1 | EPSS 0.00767
Exploits: 0 | References: 2

CNVD, added 2022/05/08 12:00 a.m., 16 views

Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2022-50947)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...

CVSS 4.3 | AI score 0.6 | EPSS 0.00767
Exploits: 0 | References: 1

Vulnrichment, added 2022/05/04 3:25 p.m., 15 views

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

CVSS 4.3 | AI score 6.4 | EPSS 0.00767
Exploits: 0 | References: 1

Fortinet, added 2022/05/03 12:00 a.m., 87 views

Protect

A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...

CVSS 4.3 | AI score 4.8 | EPSS 0.00767
Exploits: 0 | Affected Software: 2

NVD, added 2022/04/06 6:15 p.m., 21 views

CVE-2022-20784

A vulnerability in the Web-Based Reputation Score WBRS engine of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to...

CVSS 5.8 | EPSS 0.00896
Exploits: 0 | References: 1

Prion, added 2022/04/06 6:15 p.m., 19 views

Cross site request forgery (csrf)

A vulnerability in the Web-Based Reputation Score WBRS engine of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to...

CVSS 5 | AI score 5.4 | EPSS 0.00896
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment, added 2022/04/06 6:11 p.m., 9 views

CVE-2022-20784 Cisco Web Security Appliance Filter Bypass Vulnerability

A vulnerability in the Web-Based Reputation Score WBRS engine of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to...

CVSS 5.8 | AI score 7 | EPSS 0.00896
Exploits: 0 | References: 1

CNNVD, added 2022/04/06 12:00 a.m., 3 views

Cisco Web Security Appliance Input Validation Error Vulnerability

The Cisco Web Security Appliance WSA is a web security appliance from Cisco USA. The appliance provides SaaS-based access control, real-time web reporting and tracking, and development of security policies. The Cisco Web Security Appliance WSA suffers from an input validation error vulnerability...

CVSS 5.8 | AI score 5.8 | EPSS 0.00896
Exploits: 0 | References: 4

CNNVD, added 2021/12/10 12:00 a.m., 3 views

Privoxy Input Validation Error Vulnerability

Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...

CVSS 7.5 | AI score 7.2 | EPSS 0.01302
Exploits: 0 | References: 7

CNNVD, added 2021/11/11 12:00 a.m., 5 views

Zoom Multiple Products Input Validation Error Vulnerability

ZOOM Zoom Call Recording is a scalable session recording management solution. ZOOM on-premise Meeting Connector is a meeting connector. Zoom On-Premise Meeting Connector Controller and others are products of Zoom USA. Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...

CVSS 9 | AI score 7.3 | EPSS 0.01238
Exploits: 0 | References: 2

NVD, added 2021/10/11 5:15 p.m., 11 views

CVE-2021-27002

NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy...

CVSS 7.5 | EPSS 0.01347
Exploits: 0 | References: 1