29 matches found
GHSA-78H2-9FRX-2JM8 vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, grafana-mimir, spire-controller-manager, dkron, crossplane-provider-terraform, distribution-fips, sigstore-scaffolding, minio-fips, cloudflared, kubescape-operator-fips, trivy-fips, grype, cephcsi-fips, knative-eventing-fips, gitlab-cng-fips,...
Konica Bizhub Multifunction Printers Server-Side Request Forgery (CVE-2024-51981)
An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access...
EUVD-2009-0425
Malware in sbrugna...
EUVD-2019-3139
Malware in sbrugna...
EUVD-2024-54701
Malicious code in bioql PyPI...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: consul-fips, addon-resizer, prometheus-adapter, karma-fips, hivemind, knative-eventing-fips, kube-logging-operator-custom-runner-fips, lvm-driver, grafana-operator, kube-vip-cloud-provider, eks-distro-fips, cloud-provider-aws-fips, terraform-provider-tls-fips,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: consul-fips, addon-resizer, prometheus-adapter, karma-fips, hivemind, knative-eventing-fips, kube-logging-operator-custom-runner-fips, lvm-driver, grafana-operator, kube-vip-cloud-provider, eks-distro-fips, cloud-provider-aws-fips, terraform-provider-tls-fips,...
CVE-2024-51981
An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...
CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.
An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...
CVE-2024-51981
CVE-2024-51981 describes an unauthenticated SSRF via a CRLF injection that can be exploited during a WS-Eventing SOAP subscription (WS-Addressing). The issue allows an attacker to control all HTTP data sent in the SSRF connection, but the attacker cannot receive data from the connection, enabling network-bound...
GO-2023-2388 eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github...
GHSA-99JV-8292-2HPM eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Impact: The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout, which could lead to a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also known as a Slowloris...
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Impact: The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout, which could lead to a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also known as a Slowloris...
GHSA-V7HC-87JC-QRRR eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Impact: The eventing-github cluster-local server doesn't set ReadHeaderTimeout, which could lead to a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also known as a Slowloris...
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Impact: The eventing-github cluster-local server doesn't set ReadHeaderTimeout, which could lead to a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also known as a Slowloris...
CVE-2023-35175
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery SSRF using the Web Service Eventing model...
CVE-2023-35175
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery SSRF using the Web Service Eventing model...
Server-side request forgery (SSRF)
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery SSRF using the Web Service Eventing model...
CVE-2023-35175
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery SSRF using the Web Service Eventing model...