Lucene search
K

6 matches found

Ubuntu
Ubuntu
added 2023/11/21 9:15 a.m.70 views

USN-6491-1: Node.js vulnerabilities

Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-32212 Zeyu Zhang discovered that Node.js incorrectl...

8.1CVSS7.5AI score0.77766EPSS
Exploits4
Cloud Foundry
Cloud Foundry
added 2022/09/29 12:0 a.m.33 views

USN-5587-1: curl vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTPS server might return a 400 Bad Request Error response. A malicious cookie host...

3.7CVSS6.4AI score0.01839EPSS
Exploits1Affected Software3
Node JS Blog
Node JS Blog
added 2022/07/07 12:0 a.m.52 views

July 7th 2022 Security Releases

July 7th 2022 Security Releases Update 07-July-2022 Security releases available Updates are now available for the v18.x, v16.x, and v14.x Node.js release lines for the following issues. HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http...

10CVSS7AI score0.77766EPSS
Exploits7
Github Security Blog
Github Security Blog
added 2022/05/24 10:4 p.m.33 views

Smokescreen SSRF via deny list bypass (square brackets)

Impact The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional e.g., external URLs by...

6.5CVSS6.4AI score0.00793EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 10:4 p.m.41 views

GHSA-QWRF-GFPJ-QVJ6 Smokescreen SSRF via deny list bypass (square brackets)

Impact The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional e.g., external URLs by...

5.3CVSS5.8AI score0.00793EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2022/05/11 1:14 p.m.101 views

USN-5412-1: curl vulnerabilities

Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. CVE-2022-27780 Florian Kohnhuser discovered...

7.5CVSS6.7AI score0.02596EPSS
Exploits3
Rows per page
Query Builder