Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 3:59 a.m.12 views

CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

8.8CVSS7.6AI score0.29172EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/11/27 12:6 p.m.22 views

CVE-2024-42332 New line injection in Zabbix SNMP traps

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...

3.7CVSS0.00628EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/27 12:6 p.m.15 views

CVE-2024-42332 New line injection in Zabbix SNMP traps

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...

3.7CVSS6.8AI score0.00628EPSS
Exploits0References1
OSV
OSV
added 2021/08/30 4:11 p.m.29 views

GHSA-9JXW-CFRH-JXQ6 Cachet vulnerable to new line injection during configuration edition

Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...

8.8CVSS9.1AI score0.29172EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2021/08/30 4:11 p.m.54 views

Cachet vulnerable to new line injection during configuration edition

Impact Authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. Patches This issue was addressed by improving UpdateConfigCommandHandler and preventi...

8.8CVSS9.1AI score0.29172EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2021/08/27 11:15 p.m.39 views

CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

8.8CVSS0.29172EPSS
Exploits2References3
OSV
OSV
added 2021/08/27 11:15 p.m.18 views

CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

8.8CVSS9AI score
Exploits0References3
Prion
Prion
added 2021/08/27 11:15 p.m.23 views

Design/Logic Flaw

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

6.5CVSS9AI score0.29172EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2021/08/27 10:50 p.m.131 views

CVE-2021-39172

Cachet (open source status page system) prior to version 2.5.1 is vulnerable to a new line injection in the configuration edition feature (e.g., mail settings) that allows authenticated users, regardless of privilege, to achieve arbitrary code execution on the server. Root cause: insertion of new...

8.8CVSS9AI score0.29172EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/08/27 10:50 p.m.41 views

CVE-2021-39172 New line injection during configuration edition

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

8.8CVSS9.2AI score0.29172EPSS
Exploits2References3
OSV
OSV
added 2021/05/20 8:51 a.m.16 views

OPENSUSE-SU-2021:0754-1 Security update for exim

This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...

9.8CVSS8AI score0.82238EPSS
Exploits34References32
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/20 12:0 a.m.71 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...

9.8CVSS8AI score0.82238EPSS
Exploits34References5
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/20 12:0 a.m.83 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0753-1 Rating: critical References: 1079832 1136587 1142207 1154183 1160726 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-10149...

10CVSS8AI score0.99961EPSS
Exploits59References9
OSV
OSV
added 2021/05/07 9:3 a.m.11 views

OPENSUSE-SU-2021:0677-1 Security update for exim

This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update boo1185631 CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28014: Arbitrary PID file creation CVE-2020-28011: Heap buffer overfl...

9.8CVSS8AI score0.82238EPSS
Exploits34References32
Veracode
Veracode
added 2021/05/04 10:33 p.m.35 views

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists due to a new-line injection into spool header files...

7.8CVSS2.2AI score0.00379EPSS
Exploits1References2Affected Software7
OpenVAS
OpenVAS
added 2018/05/15 12:0 a.m.34 views

Adobe Acrobat 2017 Security Updates (APSB18-09) - Windows

Adobe Acrobat 2017 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat";...

10CVSS8.3AI score0.86898EPSS
Exploits5References3
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/25 3:7 a.m.85 views

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

1.9AI score0.02008EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/25 3:7 a.m.81 views

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

1.9AI score0.02008EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2017/12/22 12:0 a.m.58 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

9.3CVSS2.5AI score0.03215EPSS
Exploits1References1
Hacker One
Hacker One
added 2017/12/19 9:8 p.m.102 views

GitLab: Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook

The secret token field of a webhook is vulnerable to a new line injection, allowing an attacker to inject non-HTTP commands in a TCP stream. When a GitLab instance is configured with an external Redis instance, e.g. on 127.0.0.1:6379, it may result in arbitrary code execution on a Sidekiq worker ...

7.5CVSS0.1AI score0.05705EPSS
Exploits0
Rows per page
Query Builder