Denial Of Service (DoS)
torbot is vulnerable to Denial of Service (DoS). An attacker is able to cause a denial-of-service (DoS) condition on a vulnerable system by exploiting a regular expression that has exponential complexity by tricking a user into opening a malicious link or by sending a specially crafted HTTP request ...
Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to the use of Apache HTTP server (CVE-2022-26377).
Summary: Apache HTTP Server is used by IBM Rational Build Forge. This fix includes Apache HTTP Server 2.4.54. Vulnerability Details: CVEID: CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability i...
Use After Free
vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious URL or by sending a specially crafted HTTP request to a vulnerable web server. The request would contain a specially crafted curl command that would cause the curl library...
Squid security vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in versions prior to Squid 6.4, which stems from improper handling of the chunking...
CVE-2023-43801
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
Design/Logic Flaw
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43803
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
Authentication flaw
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
Design/Logic Flaw
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload, which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...
CVE-2023-43800
CVE-2023-43800 affects the Arduino Create Agent. The vulnerability stems from the endpoint /v2/pkgs/tools/installed, where a user able to issue HTTP requests to the localhost interface or bypass the CORS policy can escalate privileges to the user running the Arduino Create Agent service via a cra...
CVE-2023-43801 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43801
CVE-2023-43801 affects the Arduino Create Agent, specifically the endpoint /v2/pkgs/tools/installed. A user able to make HTTP requests to the localhost interface or bypass CORS can delete arbitrary files/folders owned by the Arduino Create Agent’s running user via a crafted HTTP DELETE request. R...
CVE-2023-43802 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload, which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2023-43803 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43803
CVE-2023-43803 affects Arduino Create Agent. The vulnerability stems from how the endpoint /v2/pkgs/tools/installed handles user-supplied plugin names, enabling path traversal that could allow an attacker with localhost HTTP access or bypassed CORS to delete arbitrary files/folders owned by the A...
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Impact: The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...
GHSA-75J7-W798-CWWX Arduino Create Agent path traversal - local privilege escalation vulnerability
Impact: The vulnerability affects the endpoint /upload, which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...