Lucene search

7691 matches found

Cvelist
added 2021/04/14 11:45 p.m., 26 views

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

AI score 4.5, EPSS 0.01232
Exploits 0, References 1
Vulnrichment
added 2021/04/14 11:45 p.m., 11 views

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

AI score 6.8, EPSS 0.01232
Exploits 0, References 1
CVE
added 2021/04/14 11:45 p.m., 109 views

CVE-2021-26076

CVE-2021-26076 concerns the jira.editor.user.mode cookie used by the Jira Editor Plugin on Jira Server/Data Center. The issue arises when the cookie isn’t marked as Secure if Jira is configured to use HTTPS, enabling remote anonymous attackers to perform a man-in-the-middle attack to learn which ...

CVSS 4.3, AI score 4.2, EPSS 0.01232
Exploits 0, References 1, Affected Software 4
Tenable Nessus
added 2021/04/14 12:00 a.m., 31 views

FreeBSD : curl -- TLS 1.3 session ticket proxy host mixup (d10fc771-958f-11eb-9c34-080027f515ea)

Daniel Stenberg reports : Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they...

CVSS 4.3, AI score 6.7, EPSS 0.03141
Exploits 1, References 3
The Hacker News
added 2021/04/08 5:52 a.m., 72 views

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...

AI score 0.3
Exploits 0
Ubuntu
added 2021/04/07 5:09 p.m., 122 views

USN-4903-1: curl vulnerability

Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information...

CVSS 5.3, AI score 6.8, EPSS 0.05301
Exploits 1
FreeBSD
added 2021/04/07 12:00 a.m., 24 views

opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.

Bobby Rauch of Accenture reports: I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok 1.6.8 and was reported to Oracle. The vulnerabili...

CVSS 8.8, AI score 7.1, EPSS 0.01427
Exploits 0, References 2
Rapid7 Blog
added 2021/04/06 12:57 p.m., 43 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500

Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not...

AI score 7.3
Exploits 0
Hacker One
added 2021/04/05 8:56 p.m., 11 views

U.S. Dept Of Defense: XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil

Greetings, I found on one of your sites an XML Injection + External service Interaction DNS/HTTP Link of the vulnerable file : https://█████.mil/██████████ Payload XML Injection : fkp please change the link of burp collaborator and + URL encode the payload How to reproduce █████ I cut the video...

AI score 7.4
Exploits 0
Prion
added 2021/04/05 7:15 p.m., 16 views

Design/Logic Flaw

When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...

CVSS 5, AI score 7.4, EPSS 0.01412
Exploits 0, References 1, Affected Software 1
Fedora
added 2021/04/04 1:09 a.m., 78 views

[SECURITY] Fedora 33 Update: curl-7.71.1-9.fc33

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 5.3, AI score 6.4, EPSS 0.05301
Exploits 2
NVD
added 2021/04/02 8:15 p.m., 14 views

CVE-2021-28941

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or /scripts/magpiesimple.php page, it's possible to request any internal page if you use a https request...

CVSS 5.3, EPSS 0.01131
Exploits 1, References 2
OSV
added 2021/04/02 8:15 p.m., 17 views

CVE-2021-28941

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or /scripts/magpiesimple.php page, it's possible to request any internal page if you use a https request...

CVSS 5.3, AI score 6.9
Exploits 0, References 2
UbuntuCve
added 2021/04/02 8:15 p.m., 43 views

CVE-2021-28940

Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpiedebug.php and /scripts/magpiesimple.php page that if you send a specific https url in the RS...

CVSS 9.8, AI score 7.5, EPSS 0.03299
Exploits 1, References 3
Prion
added 2021/04/02 8:15 p.m., 17 views

Design/Logic Flaw

Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpiedebug.php and /scripts/magpiesimple.php page that if you send a specific https url in the RS...

CVSS 7.5, AI score 9.7, EPSS 0.03299
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/04/02 7:06 p.m., 19 views

CVE-2021-28940

Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpiedebug.php and /scripts/magpiesimple.php page that if you send a specific https url in the RS...

AI score 10, EPSS 0.03299
Exploits 1, References 3
OSV
added 2021/04/01 6:15 p.m., 31 views

CVE-2021-22890

curl 7.63.0 up to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

CVSS 3.7, AI score 6.7, EPSS 0.03141
Exploits 1, References 9
NVD
added 2021/04/01 6:15 p.m., 17 views

CVE-2021-22890

curl 7.63.0 up to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

CVSS 4.3, EPSS 0.03141
Exploits 1, References 9
Prion
added 2021/04/01 6:15 p.m., 23 views

Design/Logic Flaw

curl 7.63.0 up to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

CVSS 4.3, AI score 4.8, EPSS 0.03141
Exploits 1, References 9, Affected Software 6
CVE
added 2021/04/01 5:46 p.m., 359 views

CVE-2021-22890

CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...

CVSS 4.3, AI score 4.9, EPSS 0.03141
Exploits 1, References 9, Affected Software 1