62 matches found
EUVD-2016-1698
Malware in sbrugna...
EUVD-2025-4010
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-7544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password...
CVE-2025-25069
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...
CVE-2025-25069
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...
CVE-2025-25069
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...
CVE-2025-25069 Apache Kvrocks: Cross-Protocol Scripting Vulnerability
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...
CVE-2025-25069
The CVE-2025-25069 entry describes a Cross-Protocol Scripting vulnerability in Apache Kvrocks, where Kvrocks does not detect Host: or POST in RESP requests, allowing an HTTP request to be interpreted as a RESP request and potentially trigger dangerous database operations, especially when chained ...
CVE-2025-25069 Apache Kvrocks: Cross-Protocol Scripting Vulnerability
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...
PT-2025-5971 · Apache · Apache Kvrocks
Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions 1.0 through 2.11.0 Description: A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks did not detect if Host: or POST appears in RESP requests, a valid HTTP request can also be sent to...
Debian: Security Advisory (DLA-1161-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
SUSE CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
SUSE CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
SUSE SLES11 Security Update : openvpn-openssl1 (SUSE-SU-2021:14723-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14723-1 advisory. - DISPUTED A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enable...
SUSE: Security Advisory (SUSE-SU-2021:1576-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:14723-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2021:0734-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key bsc1169925. - CVE-2018-7544: Fixed cross-protocol scriptin...
Security update for openvpn (moderate)
openSUSE Security Update: Security update for openvpn Announcement ID: openSUSE-SU-2021:0734-1 Rating: moderate References: 1085803 1169925 1185279 Cross-References: CVE-2018-7544 CVE-2020-11810 CVE-2020-15078 CVSS scores: CVE-2018-7544 NVD : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H...