16601 matches found
CVE-2024-8462
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462
Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...
HTTP Request/Response Smuggling
com.typesafe.akka:akka-http-core is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to accepting malformed messages and handing them over to the user application, which may proxy them to another server without inspection, allowing unintended HTTP requests to reach downstre...
Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)
The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...
PT-2024-39029 · Windmill · Windmill
Name of the Vulnerable Software and Affected Versions: Windmill version 1.380.0 Description: A vulnerability exists in the HTTP Request Handler component, affecting an unknown function of the file backend/windmill-api/src/users.rs. This issue leads to improper restriction of excessive...
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...
GHSA-C34R-238X-F7QX Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
CVE-2024-20440
CVE-2024-20440 affects Cisco Smart Licensing Utility (CSLU). An unauthenticated, remote attacker can access sensitive information due to excessive verbosity in a debug log file. Exploitation involves sending a crafted HTTP request to an affected device, potentially exposing log files containing c...
PT-2024-5914 · Cisco · Cisco Smart License Utility
Name of the Vulnerable Software and Affected Versions: Cisco Smart Licensing Utility affected versions not specified Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessiv...
Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data
Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors with return an incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...
Security Bulletin: Vulnerabilities in Netty affect watsonx.data
Summary Netty is vulnerable to HTTP request smuggling, to remote attacks causing weaker than expected security, and to denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw...
CVE-2024-45588
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lea...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-45588
The CVE-2024-45588 entry describes a vulnerability in Symphony XTS Web Trading platform, version 2.0.0.1_P160, caused by improper access controls in the APIs of the Preference module. An authenticated remote attacker can manipulate HTTP parameters to access and modify sensitive information belong...
CVE-2024-45588 Information Disclosure Vulnerability
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lea...