CVE-2021-34359
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
Cross site scripting
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34361
CVE-2021-34361 is an XSS flaw in QNAP QTS Proxy Server. The vulnerability allows a remote attacker to inject HTML/script via crafted input in the Proxy Server component (affected by user-supplied data handling). According to the sources, the issue was fixed in QTS 4.5.x with Proxy Server 1.4.2 (2...
CVE-2021-34361 Reflected XSS Vulnerability in Proxy Server
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34359 Stored XSS Vulnerability in Proxy Server
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34359
The CVE-2021-34359 issue is a cross-site scripting (XSS) vulnerability in QNAP QTS Proxy Server. Affected product: Proxy Server on QTS 4.5.x. Root cause: insufficient handling of user-supplied data allowing injection of HTML/Script. Impact: remote attacker could inject malicious code when a user ...
QNAP QTS Proxy Server Cross-Site Scripting Vulnerability
QNAP Systems QNAP QTS is a data storage device with a SAN-like storage architecture from QNAP Systems (Weilian Tong) of China. The device supports tiered storage, mirror protection, and other security features. A cross-site scripting vulnerability exists in the QNAP QTS Proxy Server, which stems from...
Envoy has an unspecified vulnerability (CNVD-2022-16288)
Envoy is an open source distributed proxy server. Envoy has a security vulnerability that can be exploited by attackers to cause stack exhaustion and abnormal process termination...
Envoy Resource Management Error Vulnerability (CNVD-2022-15542)
Envoy is an open source distributed proxy server. Envoy is vulnerable to a resource management error that occurs when configuring "envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config" crashes and the downstream connection is disconnected while the upstream connection or http/2...
Envoy Trust Management Issue Vulnerability (CNVD-2022-15535)
Envoy is an open source distributed proxy server. Envoy is vulnerable to a trust management issue, which stems from the fact that Envoy's TLS allows certain certificate authentication settings to be reused after they have been changed from their default configuration. No detailed vulnerability...
Envoy has an unspecified vulnerability (CNVD-2022-16291)
Envoy is an open source distributed proxy server. Envoy has a security vulnerability that stems from Envoy's internal redirection selection configured for direct response or redirection actions, specifically so that generic routers will have segmentation failures that can be exploited by attacker...
CVE-2021-46227
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters...
Important: nginx:1.20 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. The following packages have been upgraded to a later upstream version: nginx 1.20.1 (BZ#2031030). Security Fixes: nginx: Off-by-one in ngx_resolver_copy when labels...
ALSA-2022:0323 Important: nginx:1.20 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. The following packages have been upgraded to a later upstream version: nginx 1.20.1 (BZ#2031030). Security Fixes: nginx: Off-by-one in ngx_resolver_copy when labels...
nginx:1.20 security update
An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. nginx is a web and proxy server supporting HTTP and other protocols, with a foc...
GHSA-GCV9-6737-PJQW SSRF vulnerability in jupyter-server-proxy
Impact. What kind of vulnerability is it? Server-Side Request Forgery (SSRF). Who is impacted? Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled. A lack of input validation allowed authenticated clients to proxy requests to other hosts, bypassing the allowedhos...
CVE-2022-21697 SSRF vulnerability (requires authentication)
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...
DEBIAN-CVE-2022-23132
During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is in use to access PID files in the /var/run/zabbix folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level...
ROS-2-443
2.443 Vulnerabilities in Squid Proxy Server. 1. Vulnerability description: Problems are present in the code processing the "@" block at the beginning of a URL "user@host" and allow bypassing access restriction rules, poisoning cache contents and performing a cross-site scripting attack. Identifier...