7 matches found
EUVD-2023-28123
Malicious code in bioql PyPI...
CVE-2023-24060
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
CVE-2023-24060
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
Server side request forgery (ssrf)
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
CVE-2023-24060
Haven 5d15944 allows Server-Side Request Forgery SSRF via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct...
Design/Logic Flaw
DISPUTED McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the...