Lucene search
+L

58 matches found

osv
osv
added 2022/05/24 4:44 p.m.22 views

GHSA-27J5-2H6R-C9Q2 OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

7.4CVSS7.7AI score0.01198EPSS
Exploits1References5
github
github
added 2022/05/24 4:44 p.m.27 views

OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

8.1CVSS0.01198EPSS
Exploits1References5Affected Software1
huntr
huntr
added 2022/03/14 10:17 a.m.12 views

? before the @ sign allows one to bypass whitelists

Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require'parse-url' const http = require'http' const url = parse"http://[email protected]" if...

1AI score
Exploits0
huntr
huntr
added 2021/09/01 12:30 a.m.14 views

Command Injection in yogeshojha/rengine

✍️ Description RCE via the proxy feature of Rengine. Proxies can be added in Rengine for executables like httpx to use in a scan. This functionality can be used to inject a command and run arbitrary code. 🕵️‍♂️ Proof of Concept Add this as the only proxy in the proxy list in the Proxy settings:...

0.8AI score
Exploits0
attackerkb
attackerkb
added 2021/08/07 3:15 a.m.3 views

CVE-2021-38148

Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...

9.8CVSS7.2AI score0.01225EPSS
Exploits0References2
cve
cve
added 2021/08/07 2:28 a.m.787 views

CVE-2021-38148

Obsidian up to version 0.12.11 does not require user confirmation for non-http/https URLs, per CVE-2021-38148. The root cause is a missing user consent check when handling non-http/https links, which can lead to unintended navigation or loading of external content. The CVSS data indicates high im...

9.8CVSS9.5AI score0.01225EPSS
Exploits0References1Affected Software1
osv
osv
added 2021/03/20 9:15 p.m.2 views

DEBIAN-CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

7.5CVSS7.3AI score0.01563EPSS
Exploits0References1
oraclelinux
oraclelinux
added 2019/11/14 12:0 a.m.84 views

python3 security and bug fix update

3.6.8-15.1.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-15.1 - Patch 329 FIPS modified: Added workaround for modssl: Skip error checking in Pyhashlibfipserror Resolves: rhbz1760106 3.6.8-15 - Patch 329 that adds support for OpenSSL FIPS mode has been improved and...

9.8CVSS8.5AI score0.21443EPSS
Exploits4
nvd
nvd
added 2019/07/30 9:15 p.m.35 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS8.1AI score0.00668EPSS
Exploits1References3
osv
osv
added 2019/07/30 9:15 p.m.2 views

DEBIAN-CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS7.8AI score0.00668EPSS
Exploits1References1
osv
osv
added 2019/07/30 9:15 p.m.21 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS8.1AI score
Exploits0References3
ubuntucve
ubuntucve
added 2019/07/30 9:15 p.m.29 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS7.1AI score0.00668EPSS
Exploits1References5
prion
prion
added 2019/07/30 9:15 p.m.22 views

Authentication flaw

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

4.3CVSS7.9AI score0.00668EPSS
Exploits1References3Affected Software1
cve
cve
added 2019/07/30 8:15 p.m.84 views

CVE-2019-5448

CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...

8.1CVSS7.8AI score0.00668EPSS
Exploits1References3Affected Software1
ubuntu
ubuntu
added 2014/09/23 4:12 p.m.45 views

USN-2353-1: APT vulnerability

It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...

6.8CVSS8.5AI score0.02437EPSS
Exploits0
nessus
nessus
added 2013/05/28 12:0 a.m.33 views

Fedora 19 : kdelibs3-3.5.10-53.fc19 (2013-8625)

This update fixes a low-impact security issue in the KDE 3 compatibility kdelibs3 version of kiohttp where it would print passwords contained in HTTP URLs in error and debugging messages CVE-2013-2074. Note that Tenable Network Security has extracted the preceding description block directly from...

5CVSS6.5AI score0.0198EPSS
Exploits0References3
attackerkb
attackerkb
added 2007/12/21 7:46 p.m.3 views

CVE-2007-6511

Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a 1 RealPlayer G2, 2 MSMSGS, or 3 StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization...

5CVSS5.6AI score0.01827EPSS
Exploits0References10
prion
prion
added 2007/12/21 7:46 p.m.17 views

Design/Logic Flaw

Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a 1 RealPlayer G2, 2 MSMSGS, or 3 StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization...

5CVSS7.2AI score0.01827EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder