Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-29248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not...

8.1CVSS7.2AI score0.01239EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.99 views

Debian DSA-5246-1 : mediawiki - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5246 advisory. - An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite...

8.1CVSS6.6AI score0.0182EPSS
Exploits3References33
OpenVAS
OpenVAS
added 2022/09/19 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2022-0338)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.8AI score0.0182EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2022/07/03 12:0 a.m.50 views

FreeBSD : mediawiki -- multiple vulnerabilities (5ab54ea0-fa94-11ec-996c-080027b24e86)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5ab54ea0-fa94-11ec-996c-080027b24e86 advisory. - A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak...

8.1CVSS6.8AI score0.03425EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/05/25 6:15 p.m.59 views

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8.1CVSS7.1AI score0.01239EPSS
Exploits0References5
CVE
CVE
added 2022/05/25 12:0 a.m.132 views

CVE-2022-29248

Guzzle prior to 6.5.6 and 7.4.3 exposed a cookie-domain validation flaw in the cookie middleware: a response Set-Cookie header could set cookies for unrelated domains if the cookie middleware was enabled (or cookies => true) and the client reused a single Guzzle instance across domains. The co...

8.1CVSS7.8AI score0.01239EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/25 12:0 a.m.52 views

Drupal 9.2.x < 9.2.20 / 9.3.x < 9.3.14 Drupal Vulnerability (SA-CORE-2022-010)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.20 or 9.3.x prior to 9.3.14. It is, therefore, affected by a vulnerability. - Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with t...

8.1CVSS7.7AI score0.01239EPSS
Exploits0References7
FreeBSD
FreeBSD
added 2022/05/16 12:0 a.m.50 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...

8.1CVSS2.6AI score0.03425EPSS
Exploits1References1
Rows per page
Query Builder