
7690 matches found

UbuntuCve
added 2022/02/20 6:15 p.m. · 29 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 5.9 · AI score 6.2 · EPSS 0.00897
Exploits 0 · References 3
Cvelist
added 2022/02/20 5:52 p.m. · 14 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

AI score 6 · EPSS 0.00897
Exploits 0 · References 3
CVE
added 2022/02/20 5:52 p.m. · 111 views

CVE-2021-45081

CVE-2021-45081 affects Cobbler up to version 3.3.1. The issue is that routines expose HTTP instead of HTTPS, enabling potential eavesdropping or MITM on management/API endpoints. The connected documents confirm the root cause but do not specify a patched version or explicit mitigation in the prov...

CVSS 5.9 · AI score 5.6 · EPSS 0.00897
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/02/20 12:00 a.m. · 3 views

PT-2022-12302 · Cobbler · Cobbler

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.2 Description: An issue was discovered where routines in several files use the HTTP protocol instead of the more secure HTTPS. Recommendations: For Cobbler versions prior to 3.3.2, consider updating to a version...

CVSS 5.9 · AI score 5.5 · EPSS 0.00897
Exploits 0 · References 10
Zero Day Initiative
added 2022/02/18 12:00 a.m. · 22 views

(Pwn2Own) Samsung Galaxy S21 Improper Error Handling Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the handling of errors...

CVSS 4.6 · AI score 2
Exploits 0
OSV
added 2022/02/17 5:32 p.m. · 40 views

GO-2021-0243 Panic on certain certificates in crypto/tls

crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected...

CVSS 6.5 · AI score 6.7 · EPSS 0.07032
Exploits 1 · References 4
Github Security Blog
added 2022/02/15 1:57 a.m. · 29 views

Man-in-the-Middle (MitM)

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

CVSS 5 · AI score 6.3 · EPSS 0.01867
Exploits 0 · References 7 · Affected Software 1
OSV
added 2022/02/15 1:57 a.m. · 23 views

GHSA-QHM4-JXV7-J9PQ Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...

CVSS 4.3 · AI score 6.3 · EPSS 0.01141
Exploits 0 · References 7
OSV
added 2022/02/15 1:57 a.m. · 22 views

GHSA-8W94-CF6G-C8MG Man-in-the-Middle (MitM)

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

CVSS 6.9 · AI score 7.9 · EPSS 0.01867
Exploits 0 · References 7
Huntr
added 2022/02/12 5:07 p.m. · 37 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description: The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...

AI score 6.7 · EPSS 0.07443
Exploits 2 · References 1
Openbugbounty
added 2022/02/12 9:09 a.m. · 18 views

mail.camarapousoredondo.sc.gov.br Cross Site Scripting vulnerability OBB-2369867

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: mail.camarapousoredondo.sc.gov.br ...

AI score 6.3
Exploits 0
Veracode
added 2022/02/10 5:03 a.m. · 30 views

Information Disclosure

follow-redirects is vulnerable to information disclosure. The vulnerability exists because the HTTP Authorization header is sent via an insecure HTTP channel when a same-hostname HTTPS-to-HTTP redirect is received, allowing attackers in the same network to discover credentials by sniffing the...

CVSS 5.9 · AI score 2.6 · EPSS 0.0126
Exploits 0 · References 4 · Affected Software 2
Huntr
added 2022/02/08 2:23 a.m. · 55 views

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

Note: Reclarification of https://huntr.dev/bounties/6d9fd2bf-39e4-4291-b228-30f131b9ccdc/ Description: The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM atta...

CVSS 4.3 · AI score 0.4 · EPSS 0.07443
Exploits 2
Prion
added 2022/02/07 3:15 a.m. · 17 views

Open redirect

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...

CVSS 5.8 · AI score 6.2 · EPSS 0.00563
Exploits 0 · References 1 · Affected Software 2
OSV
added 2022/02/07 12:00 a.m. · 18 views

GHSA-WP47-9R3H-XFGQ Server-Side Request Forgery in Apache Traffic Control

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...

CVSS 7.5 · AI score 7.4 · EPSS 0.01978
Exploits 0 · References 2
Tenable Nessus
added 2022/02/07 12:00 a.m. · 18 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2014-2259)

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.8 · AI score 5.5 · EPSS 0.04456
Exploits 0 · References 4
GitLab Advisory Database
added 2022/02/07 12:00 a.m. · 29 views

Server-Side Request Forgery (SSRF)

In Apache Traffic Control Traffic Ops, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...

CVSS 7.5 · AI score 1.2 · EPSS 0.01978
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2022/02/07 12:00 a.m. · 23 views

Siemens SIMATIC S7-1200 Improper Input Validation (CVE-2014-2258)

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets, a different vulnerability than CVE-2014-2259. This plugin only works with Tenable.ot. Please visit...

CVSS 7.8 · AI score 5.5 · EPSS 0.04604
Exploits 1 · References 4
NVD
added 2022/02/06 4:15 p.m. · 12 views

CVE-2022-23206

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...

CVSS 7.5 · EPSS 0.01978
Exploits 0 · References 1
OSV
added 2022/02/06 4:15 p.m. · 14 views

CVE-2022-23206

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...

CVSS 7.5 · AI score 7
Exploits 0 · References 1