Lucene search
K

145 matches found

CNVD
CNVD
added 2021/11/09 12:0 a.m.15 views

Cloudera Manager Cross-Site Scripting Vulnerability (CNVD-2021-103108)

Cloudera Manager is an end-to-end application for managing CDH clusters.Cloudera Manager versions 5., 6., 7.1., 7.2., and 7.3. are vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via path parameters...

6.1CVSS3.7AI score0.00568EPSS
Exploits0References1
OSV
OSV
added 2021/11/08 5:55 p.m.3 views

GHSA-6G47-63MV-QPGH Prototype Pollution in dotty

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...

5.6CVSS7.2AI score0.01242EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.6 views

Cloudera Manager 跨站脚本漏洞

Cloudera Manager is an end-to-end application for managing CDH clusters.Cloudera Manager versions 5., 6., 7.1., 7.2., and 7.3. are vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via path parameters...

6.1CVSS5.2AI score0.00568EPSS
Exploits0References2
Prion
Prion
added 2021/10/31 8:15 p.m.19 views

Code injection

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

7.5CVSS9.7AI score0.0181EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/15 8:30 p.m.90 views

Security Constraint Bypass in Spring Security

Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...

7.5CVSS0.2AI score0.01416EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/09/15 8:30 p.m.34 views

GHSA-V35C-49J6-Q8HQ Security Constraint Bypass in Spring Security

Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...

7.5CVSS7.3AI score0.01416EPSS
Exploits0References4
OSV
OSV
added 2020/08/17 6:15 p.m.3 views

CVE-2020-3502

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

4.1CVSS5.9AI score0.01019EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/12/18 12:0 a.m.23 views

Debian: Security Advisory (DLA-2038-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.8AI score0.0316EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2019/08/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2005-0862

Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter to 1 pocloginform.php or 2 phpbb/poc.php, the pocrootpath parameter to 3 phpbb/poc.php, 4...

7.5CVSS6.1AI score0.10918EPSS
Exploits1References1
OSV
OSV
added 2018/10/17 8:1 p.m.40 views

GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS5.3AI score0.02857EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2018/08/14 7:51 p.m.1 views

spring-framework: Improper URL path validation allows for bypassing of security checks on static resources

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS5.7AI score0.02857EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/03/16 8:29 p.m.37 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.8AI score0.02857EPSS
Exploits0References2
NVD
NVD
added 2018/03/16 8:29 p.m.21 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.2AI score0.02857EPSS
Exploits0References6
Prion
Prion
added 2018/03/16 8:29 p.m.26 views

Security feature bypass

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5CVSS5.3AI score0.02857EPSS
Exploits0References6Affected Software5
OSV
OSV
added 2018/03/16 8:29 p.m.3 views

DEBIAN-CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.8AI score0.02857EPSS
Exploits0References1
OSV
OSV
added 2018/03/16 8:29 p.m.7 views

UBUNTU-CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.7AI score0.02857EPSS
Exploits0References3
OSV
OSV
added 2018/03/16 8:29 p.m.26 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS5.5AI score0.02857EPSS
Exploits0References6
CVE
CVE
added 2018/03/16 8:0 p.m.150 views

CVE-2018-1199

CVE-2018-1199 affects Spring Security (4.1.x before 4.1.5, 4.2.x before 4.2.4, 5.0.x before 5.0.1) and Spring Framework (4.3.x before 4.3.14, 5.0.x before 5.0.3). The issue is that URL path parameters are not consistently handled when evaluating security constraints, allowing an attacker to bypas...

5.3CVSS5.3AI score0.02857EPSS
Exploits0References6Affected Software2
Debian CVE
Debian CVE
added 2018/03/16 8:0 p.m.25 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.6AI score0.02857EPSS
Exploits0
CNVD
CNVD
added 2018/02/08 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in Rice CMS v5.9.9 (CNVD-2018-03743)

DAMI CMS is a free open-source, fast, simple PC station and cell phone station integration integration system, is committed to providing users with simple, fast PC station and smartphone station building solutions. An arbitrary file deletion vulnerability exists in Daimi CMS v5.9.9, which is due ...

7AI score
Exploits0
Rows per page
Query Builder