399 matches found

OSV
added 2023/11/23 4:15 p.m. · 3 views

DEBIAN-CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

CVSS 7.5 · AI score 7.7 · EPSS 0.00968
Exploits 0 · References 1

OSV
added 2023/11/23 4:15 p.m. · 5 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 1

Prion
added 2023/11/23 4:15 p.m. · 9 views

Heap overflow

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

CVSS 5 · AI score 7.5 · EPSS 0.00968
Exploits 0 · References 1 · Affected Software 1

UbuntuCve
added 2023/11/23 4:15 p.m. · 14 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

CVSS 7.5 · AI score 7.3 · EPSS 0.00968
Exploits 0 · References 3

OSV
added 2023/11/23 4:15 p.m. · 2 views

UBUNTU-CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

CVSS 7.5 · AI score 7.4 · EPSS 0.00968
Exploits 0 · References 4

CVE
added 2023/11/23 12:0 a.m. · 43 views

CVE-2022-44010

CVE-2022-44010 affects ClickHouse prior to 22.9.1.2603. A crafted HTTP request to the HTTP Endpoint (default port 8123) can cause a heap-based buffer overflow, crashing the process without authentication. Fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. Public expl...

CVSS 7.5 · AI score 7.6 · EPSS 0.00968
Exploits 0 · References 1 · Affected Software 1

Debian CVE
added 2023/11/23 12:0 a.m. · 18 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

CVSS 7.5 · AI score 7.6 · EPSS 0.00968
Exploits 0

Cvelist
added 2023/11/23 12:0 a.m. · 17 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

AI score 7.8 · EPSS 0.00968
Exploits 0 · References 1

OSV
added 2023/10/25 6:32 p.m. · 17 views

GHSA-VW64-G7C6-MM7G Jenkins lambdatest-automation Plugin missing permission check

Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...

CVSS 4.3 · AI score 4.7 · EPSS 0.00394
Exploits 0 · References 4

Github Security Blog
added 2023/10/25 6:32 p.m. · 21 views

Jenkins lambdatest-automation Plugin missing permission check

Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...

CVSS 4.3 · AI score 6.7 · EPSS 0.00394
Exploits 0 · References 4 · Affected Software 1

NVD
added 2023/10/03 8:15 a.m. · 15 views

CVE-2023-3655

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...

CVSS 7.5 · AI score 7.4 · EPSS 0.00472
Exploits 0 · References 2

Prion
added 2023/10/03 8:15 a.m. · 19 views

Code injection

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...

CVSS 5 · AI score 7.4 · EPSS 0.00472
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/10/03 8:15 a.m. · 21 views

Remote code execution

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...

CVSS 7.5 · AI score 9.7 · EPSS 0.00992
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/10/03 8:10 a.m. · 58 views

CVE-2023-3654

CVE-2023-3654 affects cashIT! devices from PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH up to version 2023.02.37. The issue is an origin bypass via the HTTP Host header, triggered by an HTTP endpoint exposed to the network. The root cause is a host-header-based origin check bypass, enabling u...

CVSS 9.8 · AI score 9.5 · EPSS 0.00303
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/10/03 7:53 a.m. · 22 views

CVE-2023-3655 Unauthenticated Remote Database Exfiltration

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...

CVSS 7.5 · AI score 7.6 · EPSS 0.00472
Exploits 0 · References 2

Vulnrichment
added 2023/10/03 7:53 a.m. · 1 views

CVE-2023-3655 Unauthenticated Remote Database Exfiltration

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...

CVSS 7.5 · AI score 7.4 · EPSS 0.00472
Exploits 0 · References 2

CVE
added 2023/10/03 7:53 a.m. · 46 views

CVE-2023-3655

The CVE-2023-3655 entry concerns cashIT! - serving solutions on devices running version 03.A06rks 2023.02.37. Connected PT-2023-25621 details indicate the vulnerability allows leakage of the database (including system settings and user accounts) via an HTTP endpoint exposed to the network. No exp...

CVSS 7.5 · AI score 7.4 · EPSS 0.00472
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/10/03 7:39 a.m. · 21 views

CVE-2023-3656 Unauthenticated Remote Code Execution

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...

CVSS 9.8 · AI score 10 · EPSS 0.00992
Exploits 0 · References 2

Positive Technologies
added 2023/10/03 12:0 a.m. · 5 views

PT-2023-25623 · Pos/ Dienstleistung · Cashit!

Name of the Vulnerable Software and Affected Versions: cashIT! - serving solutions versions from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 Description: The issue is an unauthenticated remote code execution vulnerability that can be triggered by an HTTP endpoint...

CVSS 9.8 · AI score 9.7 · EPSS 0.00992
Exploits 0 · References 9

OSV
added 2023/09/20 6:30 p.m. · 22 views

GHSA-2WWH-QGH8-W9XW Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery (CSRF) vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for t...

CVSS 4.3 · AI score 4.8 · EPSS 0.00339
Exploits 0 · References 4