6 matches found
EUVD-2023-28123
Malicious code in bioql PyPI...
CVE-2023-24060
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
CVE-2023-24060
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
Server side request forgery (ssrf)
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
CVE-2023-24060
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
Design/Logic Flaw
DISPUTED McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the...