52 matches found
TP-LINK TL-WDR7660 Security Vulnerability
TL-WDR7660 is a Gigabit router from China Pulian TP-LINK Ltd. The TL-WDR7660 has an httpProcDataSrv arbitrary code execution vulnerability, which can be exploited by remote attackers to submit special requests to execute arbitrary code in the application context...
PT-2022-24909 · Nextcloud · User Oidc
Name of the Vulnerable Software and Affected Versions: user oidc versions prior to 1.2.1 Description: The issue concerns the user oidc OpenID Connect user backend for Nextcloud, where sensitive information such as OIDC client credentials and tokens are sent in plain text over HTTP without TLS in...
CLSA-2022-1646085619 Fix of CVE: CVE-2020-27619, CVE-2021-23336
CVE-2020-27619: Unsafe use of eval on data retrieved via HTTP in the test suite (rhbz#1889886) - CVE-2021-23336: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (rhbz#1928904)...
CVE-2021-22056
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response...
python: Unsafe use of eval() on data retrieved via HTTP in the test suite
In Python3's Lib/test/multibytecodec_support.py, CJK codec tests call eval on content retrieved via HTTP...
Design/Logic Flaw
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...
DTEN D5 and DTEN D7 Information Disclosure Vulnerabilities (CNVD-2020-03013)
The DTEN D5 and DTEN D7 are both stylus pens from DTEN. A security vulnerability exists in the DTEN D5 version prior to 1.3 and the D7 version prior to 1.3, which originates when the program passes user data files over the HTTP protocol. The vulnerability can be exploited by an attacker to access...
squid:4 security and bug fix update
An update is available for libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Squid is a high-performance proxy caching server for web clients, supporting...
CVE-2019-2878
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...
Unspecified Vulnerability in Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component (CNVD-2019-36189)
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit (AK) is one of the ZFS storage appliance kits. A security vulnerability exists in the HTTP data path subsystems subcomponent of the Sun ZFS Storage AK prior to version 8.7.18...
CVE-2018-2927
CVE-2018-2927 affects the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems), with exploitation possible on versions prior to 8.7.18. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to gain ...
geoip-lite-country code execution vulnerability
geoip-lite-country is a lite version of the geoip-lite library for querying the location of IP addresses, supporting only country queries for IPs. A security vulnerability exists in versions of geoip-lite-country prior to 1.1.4, which originates when a program downloads a data resource over the...
Code injection
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is prior to 8.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2018-2857
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is prior to 8.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
WebKitGTK+ Late TLS Certificate Validation Vulnerability
WebKitGTK+ is a versatile port for the WebKit rendering engine. A security vulnerability exists in the Late TLS certificate validation of WebKitGTK+. A remote attacker can exploit this vulnerability to obtain secure HTTP request information via sniffing...
Security Bypass Vulnerabilities in Multiple Cisco Products
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway are both telepresence video communication servers from Cisco that integrate with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communicatio...
Oracle MySQL 'Server: InnoDB' Component Has Unspecified Vulnerability
Oracle MySQL is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost and good reliability. A remote security vulnerability exists in the 'Server: InnoDB' subplugin in Oracle MySQL. A remote attacker can exploit the...
Design/Logic Flaw
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...