Lucene search
K

189 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:36 a.m.37 views

Undertow vulnerable to Request Smuggling

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

6.1CVSS1.9AI score0.01655EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/12 7:15 p.m.5 views

CVE-2021-22531

A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0...

6.1CVSS5.7AI score0.00525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/10/18 3:8 p.m.21 views

CVE-2021-22964

A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...

8.8CVSS3.3AI score0.00988EPSS
Exploits1References3
NVD
NVD
added 2021/10/14 3:15 p.m.29 views

CVE-2021-22964

A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...

8.8CVSS0.00988EPSS
Exploits1References1
OSV
OSV
added 2021/10/14 3:15 p.m.17 views

CVE-2021-22964

A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...

8.8CVSS8.4AI score
Exploits0References1
Prion
Prion
added 2021/10/14 3:15 p.m.23 views

Design/Logic Flaw

A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...

6.8CVSS8.4AI score0.00988EPSS
Exploits1References1Affected Software1
Huntr
Huntr
added 2021/10/05 2:26 p.m.14 views

Use of a Broken or Risky Cryptographic Algorithm in anonaddy/anonaddy

Description MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesses in both algorithms. Consequently, MD5 and SHA-1 should no longer be relied upon to verify the authenticity...

0.2AI score
Exploits0References2
OSV
OSV
added 2021/09/07 7:15 p.m.24 views

CVE-2021-35947

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL...

5.3CVSS6.8AI score0.01267EPSS
Exploits0References2
Prion
Prion
added 2021/09/07 7:15 p.m.23 views

Path traversal

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL...

5CVSS5.2AI score0.01267EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/09/07 7:15 p.m.43 views

CVE-2021-35947

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL...

5.3CVSS6.2AI score0.01267EPSS
Exploits0References3
OSV
OSV
added 2021/05/12 6:15 p.m.3 views

CVE-2020-19275

An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path...

5.3CVSS5.8AI score0.01179EPSS
Exploits1References2
Prion
Prion
added 2021/05/12 6:15 p.m.10 views

Information disclosure

An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path...

5CVSS5AI score0.01179EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/12 5:13 p.m.29 views

CVE-2020-19275

An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path...

5AI score0.01179EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2021/03/23 2:17 p.m.4 views

undertow: Possible regression in fix for CVE-2020-10687

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS7.3AI score0.01147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:41 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:37 p.m.5 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.5 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/02/16 7:39 a.m.3 views

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.3AI score0.0217EPSS
Exploits0References4
Veracode
Veracode
added 2021/01/14 1:37 a.m.20 views

Denial Of Service (DoS)

json-sanitizer is vulnerable to denial of service. The vulnerability exists as certain invalid JSON characters are not sanitized, allowing an attacker to cause an undeclared exception and crash the application via a malicious string input...

7.5CVSS5.1AI score0.02099EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2020/12/16 3:21 p.m.5 views

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.3AI score0.0217EPSS
Exploits0References4
Rows per page
Query Builder