
9792 matches found

Snyk
added 2022/01/21 11:22 p.m., 2 views

Improper Authentication

Overview: cgi is a package that provides support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability t...

CVSS 7.5, AI score 6.8, EPSS 0.02931
Exploits: 1, References: 2
OSV
added 2022/01/21 11:22 p.m., 30 views

GHSA-4VF4-QMVG-MH7H Cookie Prefix Spoofing in CGI::Cookie.parse

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem prior to versions 0.3.1, 0.2.1, 0.1.1, and 0.1.0.1 for Ruby...

CVSS 7.5, AI score 7.7, EPSS 0.02931
Exploits: 1, References: 11
Github Security Blog
added 2022/01/21 11:22 p.m., 46 views

Cookie Prefix Spoofing in CGI::Cookie.parse

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem prior to versions 0.3.1, 0.2.1, 0.1.1, and 0.1.0.1 for Ruby...

CVSS 7.5, AI score 7.5, EPSS 0.02931
Exploits: 1, References: 11, Affected Software: 1
Tenable Nessus
added 2022/01/18 12:0 a.m., 41 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5235-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5235-1 advisory. It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash...

CVSS 9.8, AI score 7.3, EPSS 0.04766
Exploits: 3, References: 4
Microsoft CVE
added 2022/01/13 8:0 a.m., 2 views

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

...

CVSS 7.5, AI score 7.3, EPSS 0.02931
Exploits: 1
OSV
added 2022/01/13 3:44 a.m., 39 views

GO-2021-0226 Cross-site scripting in net/http/cgi and net/http/fcgi

When a Handler does not explicitly set the Content-Type header, the package would default to “text/html”, which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the...

CVSS 6.1, AI score 6.2, EPSS 0.03646
Exploits: 2, References: 4
BDU FSTEC
added 2022/01/12 12:0 a.m., 3 views

The vulnerability of the Apache mod_cgi module for HTTP servers in the SonicWall network device software for the SMA series (SMA 100, SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v) allows attackers to execute arbitrary code.

The vulnerability of the Apache mod_cgi module for HTTP servers in the SonicWall network devices from the SMA series (SMA 100, SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v) is related to the execution of code outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to...

CVSS 9.8, AI score 8.9, EPSS 0.99912
Exploits: 7, References: 5, Affected Software: 6
CNVD
added 2022/01/05 12:0 a.m., 40 views

Telesquare TLR-2005KSH Access Control Error Vulnerability

Telesquare TLR-2005KSH is an SK Telecom LTE router from Telesquare Korea. Telesquare TLR-2005KSH is vulnerable to an access control error, which can be exploited by attackers to upload arbitrary files, including HTML and CGI formats...

CVSS 9.8, AI score 3.3, EPSS 0.56931
Exploits: 5, References: 1
CNVD
added 2022/01/04 12:0 a.m., 17 views

Netgear RAX43 Buffer Overflow Vulnerability

The Netgear RAX43 is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

CVSS 8.8, AI score 8.8, EPSS 0.02177
Exploits: 0, References: 1
NVD
added 2022/01/03 2:15 p.m., 17 views

CVE-2021-45428

TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

CVSS 9.8, EPSS 0.56931
Exploits: 5, References: 2
Prion
added 2022/01/03 2:15 p.m., 11 views

Improper access control

TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

CVSS 7.5, AI score 9.5, EPSS 0.56931
Exploits: 5, References: 2
Cvelist
added 2022/01/03 1:25 p.m., 19 views

CVE-2021-45428

TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

AI score 9.8, EPSS 0.56931
Exploits: 5, References: 2
CVE
added 2022/01/03 1:25 p.m., 249 views

CVE-2021-45428

Summary: CVE-2021-45428 affects Telesquare TLR-2005KSH 1.0.0. An incorrect access control vulnerability leaves the PUT/WebDAV path enabled, allowing an attacker to upload arbitrary files (e.g., HTML/CGI). This can lead to remote code execution as described in public exploit notes. The NVD metrics...

CVSS 9.8, AI score 9.4, EPSS 0.56931
Exploits: 5, References: 2, Affected Software: 1
CNVD
added 2022/01/03 12:0 a.m., 17 views

Netgear RAX43 Command Injection Vulnerability

Netgear RAX43 is a wireless router from Netgear, Inc. A command injection vulnerability exists in Netgear RAX43: the readycloud cgi application is vulnerable to command injection in the name parameter. No details of the...

CVSS 8, AI score 2.5, EPSS 0.08461
Exploits: 0, References: 1
NVD
added 2022/01/01 6:15 a.m., 17 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5, EPSS 0.02931
Exploits: 1, References: 6
OSV
added 2022/01/01 6:15 a.m., 26 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5, AI score 6.8, EPSS 0.02931
Exploits: 1, References: 6
OSV
added 2022/01/01 6:15 a.m., 9 views

AZL-7126 CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5, AI score 6.7, EPSS 0.02931
Exploits: 1, References: 1
UbuntuCve
added 2022/01/01 6:15 a.m., 26 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5, AI score 6.8, EPSS 0.02931
Exploits: 1, References: 4
Prion
added 2022/01/01 6:15 a.m., 53 views

Code injection

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 5, AI score 7.5, EPSS 0.02931
Exploits: 1, References: 6, Affected Software: 7
Cvelist
added 2022/01/01 12:0 a.m., 26 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

AI score 7.9, EPSS 0.02931
Exploits: 1, References: 6