399 matches found
DEBIAN-CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
Heap overflow
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
UBUNTU-CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
CVE-2022-44010
CVE-2022-44010 affects ClickHouse prior to 22.9.1.2603. A crafted HTTP request to the HTTP Endpoint (default port 8123) can cause a heap-based buffer overflow, crashing the process without authentication. Fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. Public expl...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
GHSA-VW64-G7C6-MM7G Jenkins lambdatest-automation Plugin missing permission check
Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...
Jenkins lambdatest-automation Plugin missing permission check
Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...
CVE-2023-3655
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...
Code injection
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...
Remote code execution
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...
CVE-2023-3654
CVE-2023-3654 affects cashIT! devices from PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH up to version 2023.02.37. The issue is an origin bypass via the HTTP Host header, triggered by an HTTP endpoint exposed to the network. The root cause is a host-header-based origin check bypass, enabling u...
CVE-2023-3655 Unauthenticated Remote Database Exfiltration
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...
CVE-2023-3655 Unauthenticated Remote Database Exfiltration
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...
CVE-2023-3655
The CVE-2023-3655 entry concerns cashIT! - serving solutions on devices running version 03.A06rks 2023.02.37. Connected PT-2023-25621 details indicate the vulnerability allows leakage of the database (including system settings and user accounts) via an HTTP endpoint exposed to the network. No exp...
CVE-2023-3656 Unauthenticated Remote Code Execution
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...
PT-2023-25623 · Pos/ Dienstleistung · Cashit!
Name of the Vulnerable Software and Affected Versions: cashIT! - serving solutions versions from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 Description: The issue is an unauthenticated remote code execution vulnerability that can be triggered by an HTTP endpoint...
GHSA-2WWH-QGH8-W9XW Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery CSRF vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for t...