122 matches found
Updated emacs packages fix a security vulnerability
A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs
A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...
openSUSE Security Advisory (SUSE-SU-2024:4145-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Hanwha Vision NVR Remote Code Execution (CVE-2023-6116)
An attacker could inject arbitrary attack code by manipulating http url parameters. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to...
Containous Traefik Input Validation Error Vulnerability
Containous Traefik is a reverse proxy and load balancer from US-based Containous. An input validation error vulnerability exists in Traefik v2.10.5 and earlier, v3.0.0-beta4 and earlier, which stems from the fact that when a request with a URL fragment is sent to Traefik, Traefik automatically...
Ubuntu 18.04 ESM : Gradle vulnerabilities (USN-4858-1)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4858-1 advisory. It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A...
Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...
CVE-2023-36542
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...
Design/Logic Flaw
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...
CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...
CVE-2023-36542
Summary of CVE-2023-36542 (Apache NiFi) : NiFi versions 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which can enable a privileged user to configure a location that allows custom code execution. The root cause involves re...
SUSE CVE-2008-2665
Directory traversal vulnerability in the posixaccess function in PHP 5.2.6 and earlier allows remote attackers to bypass safemode restrictions via a .. dot dot in an http URL, which results in the URL being canonicalized to a local filename after the safemode check has successfully run...
SUSE CVE-2008-2666
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safemode restrictions by creating a subdirectory named http: and then placing ../ dot dot slash sequences in an http URL argument to the 1 chdir or 2 ftok function...
curl: HTTP proxy double-free
A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...
AZL-38185 CVE-2022-42915 affecting package tensorflow for versions less than 2.16.1-1
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Double Free
Curl is vulnerable to double free. The vulnerability is due to the use of HTTP proxy for a transfer with a non-HTTPS URL which allows an attacker to trigger a double free...
Jenkins Deployment Dashboard Plugin跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Deployment Dashboard Plugin versio...
GHSA-X4G7-5XRM-5WMQ Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...