21 matches found

NVD
added 2026/02/19 8:25 p.m., 4 views

CVE-2026-26267

soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the contractimpl macro contains a bug in how it wires up function calls. contractimpl generates code that uses MyContract::value style calls even when it's processing the trait version. This means if a...

CVSS 7.5, EPSS 0.00317
Exploits: 1, References: 5

Positive Technologies
added 2026/02/17 12:0 a.m., 8 views

PT-2026-20342

Name of the Vulnerable Software and Affected Versions: soroban-sdk-macros versions prior to 22.0.10; soroban-sdk-macros versions prior to 23.5.2; soroban-sdk-macros versions prior to 25.1.1. Description: The contractimpl macro in soroban-sdk-macros has a flaw in how it manages function calls. When...

CVSS 7.5, AI score 5.6, EPSS 0.00317
Exploits: 1, References: 8

RedHat Linux
added 2026/01/13 4:38 p.m., 7 views

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

CVSS 3.1, AI score 5.7, EPSS 0.00201
Exploits: 0, References: 5

RedhatCVE
added 2026/01/07 9:35 a.m., 7 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

CVSS 7.2, AI score 6.8, EPSS 0.0151
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/19 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-4404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the...

CVSS 9.1, AI score 7.5, EPSS 0.01827
Exploits: 1, References: 3

Snyk
added 2025/04/25 3:9 p.m., 3 views

Improper Ownership Management

Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...

CVSS 9, AI score 7, EPSS 0.00712
Exploits: 0, References: 2

SUSE CVE
added 2024/05/23 3:23 p.m., 4 views

SUSE CVE-2023-52864

In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device. Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that privateda...

CVSS 5.5, AI score 6.6, EPSS 0.00263
Exploits: 0, References: 18

OSV
added 2023/06/02 11:15 p.m., 3 views

UBUNTU-CVE-2023-1297

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3...

CVSS 7.5, AI score 7.1, EPSS 0.00768
Exploits: 0, References: 3

Github Security Blog
added 2022/05/24 4:54 p.m., 30 views

Elastic APM agent for Python client CGI proxy redirection flaw

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

CVSS 7.2, AI score 6.7, EPSS 0.0151
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2019/11/27 4:54 p.m., 37 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

CVSS 6.1, AI score 6.9, EPSS 0.04526
Exploits: 0

NVD
added 2019/08/22 5:15 p.m., 32 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

CVSS 7.2, AI score 6.9, EPSS 0.0151
Exploits: 0, References: 2

OSV
added 2019/08/22 5:15 p.m., 16 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

CVSS 7.2, AI score 7.1
Exploits: 0, References: 2

Prion
added 2019/08/22 5:15 p.m., 21 views

Design/Logic Flaw

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

CVSS 6.4, AI score 6.8, EPSS 0.0151
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/08/22 4:12 p.m., 37 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

AI score 7, EPSS 0.0151
Exploits: 0, References: 2

RedHat Linux
added 2016/08/18 6:39 p.m., 5 views

CGIHandler: sets environmental variable based on user supplied Proxy request header

It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP...

CVSS 6.1, AI score 6.9, EPSS 0.04526
Exploits: 0, References: 4

Tenable Nessus
added 2016/08/12 12:0 a.m., 49 views

RHEL 6 : php (RHSA-2016:1609) (httpoxy)

An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 8.1, AI score 6.8, EPSS 0.50427
Exploits: 0, References: 3

RedHat Linux
added 2016/08/11 10:10 p.m., 6 views

PHP: sets environmental variable based on user supplied Proxy request header

It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...

CVSS 8.1, AI score 6.8, EPSS 0.50427
Exploits: 0, References: 4

Amazon
added 2016/08/01 12:0 a.m., 73 views

Medium: php55, php56

Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...

CVSS 9.8, AI score 9.2, EPSS 0.50427
Exploits: 11

UbuntuCve
added 2016/07/25 12:0 a.m., 31 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

CVSS 6.1, AI score 6.8, EPSS 0.04526
Exploits: 0, References: 3

RedHat Linux
added 2013/05/20 3:26 p.m., 5 views

JBoss: custom authorization module implementations shared between applications

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control...

CVSS 3.7, AI score 6.2, EPSS 0.00341
Exploits: 0, References: 4