Lucene search
+L

359 matches found

nvd
nvd
added 2022/12/19 9:15 p.m.21 views

CVE-2022-43883

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266...

7.5CVSS0.00586EPSS
Exploits0References2
osv
osv
added 2022/12/19 9:15 p.m.7 views

CVE-2022-43883

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266...

7.5CVSS5.9AI score0.00586EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2022/12/19 8:47 p.m.7 views

CVE-2022-43883 IBM Cognos Analytics data manipulation

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266...

6.5CVSS7.3AI score0.00586EPSS
Exploits0References2
prion
prion
added 2022/12/16 4:15 p.m.20 views

Server side request forgery (ssrf)

Adobe Campaign version 7.3.1 and earlier and 8.3.9 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URL...

4CVSS6.3AI score0.01364EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2022/11/17 5:15 p.m.24 views

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

7.5CVSS0.01949EPSS
Exploits1References1
prion
prion
added 2022/11/17 5:15 p.m.13 views

Server side request forgery (ssrf)

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

5CVSS7.7AI score0.01949EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2022/11/17 12:0 a.m.6 views

kkFileView 代码问题漏洞

Keking kkFileView is China's Keking Technology Keking company's Spring-Boot to build a file document online preview project . A security vulnerability exists in kkFileView v4.1.0, which stems from the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile containing server-side...

7.5CVSS7.3AI score0.01949EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2022/11/17 12:0 a.m.4 views

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

7.9AI score0.01949EPSS
Exploits1References1
bdu_fstec
bdu_fstec
added 2022/11/14 12:0 a.m.5 views

The vulnerability of the Kube API-server of the Kubernetes cluster management software allows a attacker to execute arbitrary requests.

The vulnerability of the Kube API-server of the Kubernetes cluster management software is related to errors in checking node addresses. Exploiting this vulnerability allows a remote attacker to execute arbitrary requests...

10CVSS7.4AI score0.01618EPSS
Exploits0References5Affected Software3
nvd
nvd
added 2022/10/17 4:15 p.m.20 views

CVE-2022-2527

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim...

8CVSS0.00846EPSS
Exploits0References3
prion
prion
added 2022/10/17 4:15 p.m.21 views

Design/Logic Flaw

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim...

6CVSS7.5AI score0.00846EPSS
Exploits0References3Affected Software1
ubuntucve
ubuntucve
added 2022/10/17 4:15 p.m.23 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

7.3CVSS7AI score0.00895EPSS
Exploits0References1
prion
prion
added 2022/10/17 4:15 p.m.18 views

Improper access control

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

4.9CVSS6.8AI score0.00895EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/10/17 4:15 p.m.2 views

UBUNTU-CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

7.3CVSS7.2AI score0.00895EPSS
Exploits0References2
cvelist
cvelist
added 2022/10/17 12:0 a.m.28 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

7.3CVSS7.1AI score0.00895EPSS
Exploits0References3
cvelist
cvelist
added 2022/10/17 12:0 a.m.24 views

CVE-2022-2527

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim...

7.3CVSS7.6AI score0.00846EPSS
Exploits0References3
osv
osv
added 2022/10/17 12:0 a.m.18 views

CVE-2022-2527

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim...

7.3CVSS7.4AI score0.00846EPSS
Exploits0References5
osv
osv
added 2022/10/17 12:0 a.m.18 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

7.3CVSS6.9AI score0.00895EPSS
Exploits0References5
nessus
nessus
added 2022/10/14 12:0 a.m.28 views

GitLab 12.7 < 15.2.5 / 15.3 < 15.3.4 / 15.4 < 15.4.1 (CVE-2022-3060)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make...

7.3CVSS7.5AI score0.00895EPSS
Exploits0References4
nvd
nvd
added 2022/09/20 9:15 p.m.20 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.8CVSS0.01208EPSS
Exploits1References1
Rows per page
Query Builder