Lucene search
K

141 matches found

Cvelist
Cvelist
added 2023/03/27 12:0 a.m.36 views

CVE-2022-48357

Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service DoS attacks to the kernel...

7.6AI score0.00474EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.4 views

SUSE CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

5.3CVSS6.9AI score0.01692EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.6 views

SUSE CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

6.7CVSS7.6AI score0.02524EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.3 views

SUSE CVE-2022-2596

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...

5.9CVSS6.4AI score0.01126EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/01/10 5:15 p.m.3 views

CVE-2022-4710

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wprajaxsearchlinktarget' parameter in the 'datafetch' function. This makes it possibl...

6.1CVSS6.9AI score0.00728EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/08/29 12:0 a.m.9 views

The vulnerability of the Background Fetch component in Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.

The vulnerability of the Background Fetch component in Google Chrome and Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created web page...

7.8CVSS6.7AI score0.00645EPSS
Exploits0References13Affected Software7
vulnersOsv
vulnersOsv
added 2022/08/02 12:0 a.m.3 views

4i18n-cli (>=0.0.2 <=0.0.7), @about7sharks/get-articles (>=0.0.1 <=0.0.22) +114 more potentially affected by CVE-2022-2596 via node-fetch (>=3.0.0 <=3.2.1)

node-fetch NPM version =3.0.0, =0.0.2, =0.0.1, =1.1.0, =1.273.2, =1.0.0, =7.0.0, =2.14.0, =0.9.0, =0.10.1, =0.5.1, =0.7.0 and more Source cves: CVE-2022-2596 Source advisory: OSV:GHSA-VP56-6G26-6827...

5.9CVSS6.5AI score0.01126EPSS
Exploits1
OSV
OSV
added 2022/04/29 5:15 p.m.3 views

UBUNTU-CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

8.2CVSS7.4AI score0.00399EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.9 views

PT-2022-7286

Name of the Vulnerable Software and Affected Versions git versions prior to 1.11.0 Description The issue is related to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that...

9.8CVSS7.9AI score0.04871EPSS
Exploits1References322
Snyk
Snyk
added 2022/03/11 10:47 a.m.3 views

Command Injection

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are...

9.8CVSS7.6AI score0.03584EPSS
Exploits0References2
NVD
NVD
added 2022/02/16 5:15 p.m.16 views

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

6.7CVSS0.00574EPSS
Exploits0References1
Prion
Prion
added 2022/02/16 5:15 p.m.22 views

Double free

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

4.6CVSS6.8AI score0.00574EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2022/02/16 4:37 p.m.20 views

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

7AI score0.00574EPSS
Exploits0References1
CVE
CVE
added 2022/02/16 4:37 p.m.225 views

CVE-2021-22041

CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...

6.7CVSS7.1AI score0.00574EPSS
Exploits0References1Affected Software4
VMware
VMware
added 2022/02/13 12:0 a.m.233 views

VMSA-2022-0004:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities

Advisory ID: VMSA-2022-0004 CVSSv3 Range: 5.3-8.4 Issue Date:2022-02-15 Updated On: 2022-02-15 Initial Advisory CVEs: CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities...

7.8CVSS7.8AI score0.02316EPSS
Exploits0References89Affected Software4
Huntr
Huntr
added 2022/02/12 5:7 p.m.39 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...

6.7AI score0.07443EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.5 views

The vulnerability of the fetch module in the Ansible configuration management system stems from deficiencies in path name restrictions, allowing attackers to access confidential data and compromise its integrity.

The vulnerability of the fetch module in the Ansible configuration system is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to access confidential data and compromise its integrity...

4.6CVSS6.5AI score0.00487EPSS
Exploits1References10Affected Software5
Debian CVE
Debian CVE
added 2022/01/16 12:0 a.m.66 views

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

8.8CVSS7.7AI score0.01646EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/06/23 12:0 a.m.5 views

PT-2021-7962 · Sssd +10 · Sssd +10

Name of the Vulnerable Software and Affected Versions: SSSD affected versions not specified Description: The issue is related to the sssctl command in the SSSD service, which lacks input sanitization measures. This allows a remote attacker to exploit the vulnerability, potentially gaining access ...

10CVSS6.1AI score0.02524EPSS
Exploits2References106
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.8 views

The vulnerability of the node-fetch library in the Aurora Center’s application software, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the node-fetch library in Aurora Application Software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to deny services through a specially crafted regular expression...

5.3CVSS6.6AI score0.01692EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder