16599 matches found
XXE in PHPSpreadsheet's XLSX reader
Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...
CVE-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
CVE-2021-1465
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...
CVE-2021-1425 Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-52941
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-52942
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
libsoup security update
2.72.0-8.el95.2 - Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data - Resolves: RHEL-67068 2.72.0-8.el95.1 - Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Resolves: RHEL-67080...
PT-2024-8690
Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.10.11 Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...
CVE-2024-52941
CVE-2024-52941 affects Veritas Enterprise Vault prior to 15.1 UPD882911. An authenticated remote attacker can inject a parameter into an HTTP request, enabling Cross-Site Scripting (XSS) when viewing archived content. The root cause is a lack of input sanitization in the affected flow (notably me...
CVE-2024-52943
The connected sources provide concrete details for CVE-2024-52943: Veritas Enterprise Vault (pre-15.1 UPD882911) has an issue in the HTMLView endpoint where an authenticated remote attacker can inject a parameter into an HTTP request, causing Cross-Site Scripting (XSS) when viewing archived conte...
PT-2024-13840 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.1.x through 4.1.16 Mastodon versions 4.2.x through 4.2.8 Description: The issue allows a bypass of rate limiting via a crafted HTTP request header. This means that an attacker can send a specially designed HTTP request...
CVE-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2022-20634
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...
CVE-2022-20634 Cisco Enterprise Chat and Email Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...