Lucene search
K

122 matches found

NVD
NVD
added 2019/12/17 3:15 p.m.22 views

CVE-2019-16552

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...

5.5CVSS5.3AI score0.00622EPSS
Exploits0References2
OSV
OSV
added 2019/12/17 3:15 p.m.19 views

CVE-2019-16552

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...

5.4CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2019/12/17 3:15 p.m.21 views

CVE-2019-16551

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...

8.8CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2019/12/17 3:15 p.m.17 views

Code injection

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...

5.5CVSS5.3AI score0.00622EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/12/17 3:15 p.m.21 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...

6.8CVSS8.6AI score0.00691EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.28 views

CVE-2019-16552

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...

5.3AI score0.00622EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/07/30 8:15 p.m.26 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS7.8AI score0.00668EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/04/26 12:0 a.m.48 views

Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability

According to its self-reported version, Cisco Wireless LAN Controller WLC is affected by following vulnerability - A vulnerability in Locally Significant Certificate LSC management for the Cisco Wireless LAN Controller WLC could allow an authenticated, remote attacker to cause the device to...

6.8CVSS5.6AI score0.01229EPSS
Exploits0References3
Prion
Prion
added 2019/04/25 4:29 p.m.17 views

Improper access control

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provide...

7.5CVSS9.3AI score0.0268EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/04/19 12:0 a.m.45 views

Cisco FTD Web Services DoS (cisco-sa-20180606-asaftd)

The remote Cisco Firepower Threat Defense FTD Software is missing a vendor-supplied security patch. It is, therefore, affected by a vulnerability in the web interface due to improper validation of the HTTP URL. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP...

7.5CVSS7.5AI score0.99903EPSS
Exploits18References3
Cisco
Cisco
added 2019/04/17 4:0 p.m.40 views

Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability

A vulnerability in Locally Significant Certificate LSC management for the Cisco Wireless LAN Controller WLC could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service DoS condition. The attacker would need to have valid administrato...

4.9CVSS1.9AI score0.01229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/04/09 1:20 p.m.23 views

CVE-2019-9901

A flaw was found in Envoy version 1.9.0 and older, where Envoy does not normalize HTTP URL paths. This flaw allows a remote attacker to craft a path with a relative path and to bypass access control. This issue results in a backend server with the ability to interpret the unnormalized path...

10CVSS3.9AI score0.0268EPSS
Exploits0References2
Prion
Prion
added 2018/06/07 12:29 p.m.28 views

Directory traversal

A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...

5CVSS7.8AI score0.99903EPSS
Exploits18References6Affected Software2
Cvelist
Cvelist
added 2018/06/07 12:0 p.m.26 views

CVE-2018-0296

A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...

7.9AI score0.99903EPSS
Exploits18References6
Cvelist
Cvelist
added 2017/11/06 8:0 a.m.15 views

CVE-2017-16569

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...

5.1AI score0.00479EPSS
Exploits0References1
OSV
OSV
added 2017/08/11 9:29 p.m.5 views

ALPINE-CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server to attack another...

9.8CVSS7AI score0.18892EPSS
Exploits3References1
OSV
OSV
added 2017/01/23 9:59 p.m.17 views

CVE-2016-5873

Buffer overflow in the HTTP URL parsing functions in peclhttp before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL...

9.8CVSS8.1AI score
Exploits0References8
Cvelist
Cvelist
added 2017/01/23 9:0 p.m.23 views

CVE-2016-5873

Buffer overflow in the HTTP URL parsing functions in peclhttp before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL...

9.9AI score0.04701EPSS
Exploits1References8
Openbugbounty
Openbugbounty
added 2016/12/21 2:9 p.m.9 views

ralphlauren.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-199080 Description| Value ---|--- Affected Website:| ralphlauren.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
NVD
NVD
added 2016/12/14 12:59 a.m.14 views

CVE-2016-6469

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-1...

7.5CVSS7.5AI score0.01589EPSS
Exploits0References2
Rows per page
Query Builder