Lucene search
K

211 matches found

OpenVAS
OpenVAS
added 2024/10/22 12:0 a.m.58 views

VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Linux

The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.9AI score0.54862EPSS
Exploits7References4
Github Security Blog
Github Security Blog
added 2024/10/18 6:30 a.m.159 views

Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS6.6AI score0.00631EPSS
Exploits1References6Affected Software2
Cvelist
Cvelist
added 2024/10/18 5:39 a.m.55 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS0.00631EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/18 5:39 a.m.34 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS6.7AI score0.00631EPSS
Exploits1References1
CVE
CVE
added 2024/10/18 5:39 a.m.447 views

CVE-2024-38820

The CVE-2024-38820 issue concerns Spring Framework DataBinder: lowercase conversion for disallowedFields and request parameter names was made locale-independent, but locale-dependent edge cases in String.toLowerCase() can still bypass the checks. Affected products/versions from linked advisories ...

5.3CVSS3.9AI score0.00631EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.4 views

VMware Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from case-sensitive matching exceptions that could cause fields to...

5.3CVSS6.1AI score0.00631EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2024/05/18 11:23 a.m.82 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE POC A POC for CVE-2024-32002 demonstrating...

9CVSS8.3AI score0.25334EPSS
Exploits32
Veracode
Veracode
added 2023/10/18 5:20 a.m.33 views

Information Disclosure

Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to the sensitiveconfigvalues function in configuration.py failing to check for sensitive configurations using case-sensitive matches. This allows an attackers to retrieve sensitive data by exploiting case mismatches,...

4.3CVSS6.7AI score0.01232EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/10/15 7:15 p.m.32 views

CVE-2018-25091

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

6.1CVSS6.8AI score0.00512EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/09/18 12:0 a.m.36 views

Oracle Linux 9 : istio (ELSA-2023-12771)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12771 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...

9.8CVSS6.8AI score0.00735EPSS
Exploits3References5
Amazon
Amazon
added 2023/08/21 12:0 a.m.8 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some...

9.8CVSS7.1AI score0.01288EPSS
Exploits3
Debian
Debian
added 2023/07/27 8:4 p.m.6 views

[SECURITY] [DLA 3509-1] libmail-dkim-perl update

Debian LTS Advisory DLA-3509-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 27, 2023 https://wiki.debian.org/LTS Package : libmail-dkim-perl Version : 0.54-1+deb10u1 Debian Bug : 1039489 It was discovered that the domain check in libmail-dkim-perl, a Perl...

5.8AI score
Exploits0
Veracode
Veracode
added 2023/07/27 9:42 a.m.28 views

Authentication Bypass

github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The library supports mixed-case schemes for HTTP/2; however, internal checks that are case-sensitive may result in rejections or bypasses in unencrypted connections, possibly harming htTp and htTps requests...

8.2CVSS7AI score0.00598EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2023/07/25 7:15 p.m.22 views

Design/Logic Flaw

Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...

5CVSS6.1AI score0.00598EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/25 6:35 p.m.12 views

CVE-2023-35944 Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes

Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...

8.2CVSS6.6AI score0.00598EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/25 6:35 p.m.26 views

CVE-2023-35944 Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes

Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...

8.2CVSS9.1AI score0.00598EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.4 views

PT-2023-3901 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.0 Envoy versions prior to 1.26.4 Envoy versions prior to 1.25.9 Envoy versions prior to 1.24.10 Envoy versions prior to 1.23.12 Description: The issue is related to the handling of mixed-case schemes in HTTP/2 by...

8.5CVSS6.8AI score0.00598EPSS
Exploits1References11
NVD
NVD
added 2023/05/30 8:15 p.m.27 views

CVE-2023-33178

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

6.5CVSS6.7AI score0.00626EPSS
Exploits0References3
OSV
OSV
added 2023/05/30 7:55 p.m.29 views

CVE-2023-33178 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

6.5CVSS7AI score0.00626EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.17 views

Schneider Electric Easy UPS Online Monitoring Software 操作系统命令注入漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an operating system command injection vulnerability that stems from a mishandled case-sensitive...

9.8CVSS8.9AI score0.01223EPSS
Exploits0References2
Rows per page
Query Builder