Lucene search
K

122 matches found

Mageia
Mageia
added 2025/02/25 4:58 p.m.32 views

Updated emacs packages fix a security vulnerability

A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

8.8CVSS8.7AI score0.02657EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/01/28 9:18 a.m.4 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5CVSS5.7AI score0.0104EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2024/12/04 12:0 a.m.14 views

openSUSE Security Advisory (SUSE-SU-2024:4145-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.2AI score0.0111EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.34 views

Hanwha Vision NVR Remote Code Execution (CVE-2023-6116)

An attacker could inject arbitrary attack code by manipulating http url parameters. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to...

8.9CVSS5.8AI score0.00661EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.3 views

Containous Traefik Input Validation Error Vulnerability

Containous Traefik is a reverse proxy and load balancer from US-based Containous. An input validation error vulnerability exists in Traefik v2.10.5 and earlier, v3.0.0-beta4 and earlier, which stems from the fact that when a request with a URL fragment is sent to Traefik, Traefik automatically...

6.5CVSS7.6AI score0.00625EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/10/21 12:0 a.m.41 views

Ubuntu 18.04 ESM : Gradle vulnerabilities (USN-4858-1)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4858-1 advisory. It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A...

5.9CVSS6.8AI score0.01366EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/07/29 9:30 a.m.24 views

Apache NiFi Code Injection vulnerability

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

8.8CVSS8.7AI score0.0163EPSS
Exploits0References8Affected Software8
NVD
NVD
added 2023/07/29 8:15 a.m.70 views

CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

8.8CVSS8.8AI score0.0163EPSS
Exploits0References4
Prion
Prion
added 2023/07/29 8:15 a.m.20 views

Design/Logic Flaw

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

6.5CVSS8.8AI score0.0163EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/29 7:12 a.m.32 views

CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

8.8CVSS7.4AI score0.0163EPSS
Exploits0References6
CVE
CVE
added 2023/07/29 7:12 a.m.111 views

CVE-2023-36542

Summary of CVE-2023-36542 (Apache NiFi) : NiFi versions 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which can enable a privileged user to configure a location that allows custom code execution. The root cause involves re...

8.8CVSS8.8AI score0.0163EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.1 views

SUSE CVE-2008-2665

Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...

5CVSS6.8AI score0.03377EPSS
Exploits4References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.3 views

SUSE CVE-2008-2666

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safemode restrictions by creating a subdirectory named http: and then placing ../ dot dot slash sequences in an http URL argument to the 1 chdir or 2 ftok function...

5CVSS7.2AI score0.13923EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/12/08 1:21 p.m.6 views

curl: HTTP proxy double-free

A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...

8.1CVSS7.2AI score0.02927EPSS
Exploits0References5
OSV
OSV
added 2022/10/29 8:15 p.m.7 views

AZL-38185 CVE-2022-42915 affecting package tensorflow for versions less than 2.16.1-1

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS6.8AI score0.02927EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/10/29 12:0 a.m.5 views

CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

9.1AI score0.02927EPSS
Exploits0References10
Veracode
Veracode
added 2022/10/28 9:3 a.m.65 views

Double Free

Curl is vulnerable to double free. The vulnerability is due to the use of HTTP proxy for a transfer with a non-HTTPS URL which allows an attacker to trigger a double free...

8.1CVSS8.8AI score0.02927EPSS
Exploits0References16Affected Software13
CNVD
CNVD
added 2022/07/04 12:0 a.m.23 views

Jenkins Deployment Dashboard Plugin跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Deployment Dashboard Plugin versio...

4.3CVSS1.5AI score0.00558EPSS
Exploits0References1
OSV
OSV
added 2022/07/01 12:1 a.m.34 views

GHSA-X4G7-5XRM-5WMQ Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...

5.4CVSS4.8AI score0.00558EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.33 views

Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...

4.3CVSS5AI score0.00558EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder