Lucene search

1615 matches found

NVD
added 2022/07/28 9:15 a.m., 14 views

CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclient_impl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...

CVSS 8.8, EPSS 0.11793
Exploits: 0, References: 2

Prion
added 2022/07/28 9:15 a.m., 10 views

Code injection

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclient_impl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...

CVSS 6.5, AI score 9, EPSS 0.11793
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/07/28 8:35 a.m., 348 views

CVE-2022-36364

Apache Calcite Avatica JDBC driver is affected by CVE-2022-36364 due to insecure dynamic instantiation of httpclient_impl classes without validating they implement the expected interface, enabling potential code execution loaded from arbitrary classes. The issue is addressed starting with Avatica...

CVSS 8.8, AI score 8.9, EPSS 0.11793
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/07/19 12:00 a.m., 1 view

undici injection vulnerability

undici is an HTTP/1.1 client. A security vulnerability exists in undici versions prior to 5.7.1, which stems from the ability to inject CRLF sequences into request headers in undici...

CVSS 6.5, AI score 6.8, EPSS 0.00507
Exploits: 1, References: 7

Tenable Nessus
added 2022/07/03 12:00 a.m., 48 views

FreeBSD : mediawiki -- multiple vulnerabilities (5ab54ea0-fa94-11ec-996c-080027b24e86)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5ab54ea0-fa94-11ec-996c-080027b24e86 advisory. - An insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak...

CVSS 8.1, AI score 6.8, EPSS 0.00682
Exploits: 1, References: 4

UbuntuCve
added 2022/06/27 10:15 p.m., 39 views

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVSS 7.7, AI score 7, EPSS 0.01842
Exploits: 0, References: 4

UbuntuCve
added 2022/06/27 10:15 p.m., 45 views

CVE-2022-31091

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

CVSS 7.7, AI score 7.1, EPSS 0.01516
Exploits: 0, References: 4

Debian CVE
added 2022/06/27 12:00 a.m., 52 views

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVSS 7.7, AI score 7.4, EPSS 0.01842
Exploits: 0

CVE
added 2022/06/27 12:00 a.m., 110 views

CVE-2022-31091

CVE-2022-31091 affects the Guzzle HTTP client. When following redirects that change port (or scheme/host), the request may inappropriately retain sensitive headers (Authorization, Cookie). The issue is that a redirect to a URI with a different port previously did not trigger header removal for sc...

CVSS 7.7, AI score 7.5, EPSS 0.01516
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2022/06/27 12:00 a.m., 127 views

CVE-2022-31090

CVE-2022-31090 affects Guzzle (PHP HTTP client): when using the Curl handler, a request following a redirect to a different origin can keep the CURLOPT_HTTPAUTH-injected Authorization header, enabling potential exposure of sensitive credentials. Root cause: the Authorization header is not cleared...

CVSS 7.7, AI score 7.4, EPSS 0.01842
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2022/06/27 12:00 a.m., 6 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

CVSS 7.7, AI score 7.4, EPSS 0.01516
Exploits: 0, References: 4

Cvelist
added 2022/06/27 12:00 a.m., 25 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

CVSS 7.7, AI score 7.8, EPSS 0.01516
Exploits: 0, References: 4

NVD
added 2022/06/10 12:15 a.m., 18 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, EPSS 0.01454
Exploits: 0, References: 5

NVD
added 2022/06/10 12:15 a.m., 21 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, EPSS 0.01454
Exploits: 0, References: 5

UbuntuCve
added 2022/06/10 12:15 a.m., 46 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.1, EPSS 0.01454
Exploits: 0, References: 5

UbuntuCve
added 2022/06/10 12:15 a.m., 39 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7, EPSS 0.01454
Exploits: 0, References: 5

Prion
added 2022/06/10 12:15 a.m., 28 views

Open redirect

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 5, AI score 7.6, EPSS 0.01454
Exploits: 0, References: 5, Affected Software: 3

Tenable Nessus
added 2022/06/10 12:00 a.m., 46 views

Amazon Linux AMI : python27 (ALAS-2022-1593)

The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...

CVSS 9.8, AI score 7.2, EPSS 0.01214
Exploits: 4, References: 13

Debian CVE
added 2022/06/09 12:00 a.m., 42 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7.6, EPSS 0.01454
Exploits: 0

Cvelist
added 2022/06/09 12:00 a.m., 29 views

CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.7, EPSS 0.01454
Exploits: 0, References: 5