42 matches found
EUVD-2018-3018
Malware in sbrugna...
EUVD-2018-4524
Malware in sbrugna...
EUVD-2022-47982
Malicious code in bioql PyPI...
EUVD-2024-0659
Malicious code in bioql PyPI...
EUVD-2022-2461
Malicious code in bioql PyPI...
TencentOS Server 3: varnish (TSSA-2022:0265)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0265 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-27640
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...
CVE-2023-27638
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
Alibaba Cloud Linux 3 : 0187: varnish:6 (ALINUX3-SA-2022:0187)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0187 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-45060: An HTTP Request Forgery issue was...
BIT-VARNISH-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...
CVE-2024-25128
Removed by vendor...
Rocky Linux 9 : varnish (RLSA-2022:8643)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8643 advisory. - An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce...
CVE-2023-27639
Summary of CVE-2023-27639 (PrestaShop Tshirtecommerce): The Custom Product Designer (tshirtecommerce) module for PrestaShop, version 2.1.4 and earlier, allows an HTTP request to be forged via the POST parameter file_name in the endpoint tshirtecommerce/ajax.php?type=svg. This enables a remote atta...
CVE-2023-27639
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...
CVE-2023-27640
The PrestaShop module tshirtecommerce (Custom Product Designer) version 2.1.4 is affected by a directory traversal vulnerability in the fonts.php endpoint. An attacker can forge HTTP requests using the POST parameter type (and related GET parameters) to traverse the server’s file system and read ...
CVE-2023-27637
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...
Debian DSA-5334-1 : varnish - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5334 advisory. - An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters...
Fedora 36 : varnish (2022-babfbc2622)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-babfbc2622 advisory. This release includes fixes for CVE-2022-45059 (VSV00010) and CVE-2022-45060 (VSV00011). From the upstream release notes: VSV00010 Varnish Request Smuggli...
Fedora 35 : varnish (2022-99c5ddb2ae)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-99c5ddb2ae advisory. This is a security update adding fixes for the following issues: VSV00009 aka CVE-2022-38150: Denial of service; VSV00010 aka CVE-2022-45059: Request...