Lucene search
+L

775 matches found

RedHat Linux
RedHat Linux
added 2021/03/03 4:19 a.m.6 views

jenkins: Excessive memory allocation in graph URLs leads to denial of service

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

6.5CVSS5.8AI score0.01444EPSS
Exploits0References4
OSV
OSV
added 2021/02/22 2:8 p.m.6 views

USN-4742-1 python-django vulnerability

It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack...

5.9CVSS6.9AI score0.35717EPSS
Exploits1References2
Veracode
Veracode
added 2021/02/20 6:44 a.m.44 views

Web Cache Poisoning

python-django is vulnerable to web cache poisoning. An attacker may separate query parameters using a semicolon ;, causing a difference in the interpretation of the request between the proxy running with default configuration and the server resulting in malicious requests being cached as complete...

5.9CVSS2.7AI score0.35717EPSS
Exploits1References58Affected Software14
RedhatCVE
RedhatCVE
added 2021/02/15 8:5 p.m.53 views

CVE-2021-23336

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...

5.9CVSS2.8AI score0.35717EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/02/09 1:5 p.m.54 views

CVE-2020-28476

A flaw was found in python-tornado. All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the...

2.7AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/02/04 2:55 p.m.40 views

CVE-2021-21607

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

6.5CVSS5.4AI score0.01444EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.27 views

Debian DLA-2531-1 : python-bottle security update

The package src:python-bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References4
OSV
OSV
added 2021/01/18 12:15 p.m.5 views

DEBIAN-CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.4AI score0.01837EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/18 12:0 a.m.6 views

Tornado Environment Issue Vulnerability

Tornado is a Python web framework and asynchronous networking library from the Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it ideal for long-time polling, WebSockets, and other applications that require long-term...

5.8AI score
Exploits0References4
CNNVD
CNNVD
added 2021/01/18 12:0 a.m.7 views

Bottle Environmental Vulnerability

Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in bottle versions 0 through 0.12.19, where an attacker's use of semicolons to separate query parameters results in a different interpretation of requests between th...

6.8CVSS6.7AI score0.01837EPSS
Exploits1References10
CNVD
CNVD
added 2021/01/14 12:0 a.m.5 views

Cloudbees Jenkins Cross-Site Scripting Vulnerability (CNVD-2021-03557)

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A cross-site scripting vulnerabilit...

5.4CVSS6.1AI score0.01029EPSS
Exploits0References1
CVE
CVE
added 2021/01/13 3:55 p.m.201 views

CVE-2021-21607

The CVE-2021-21607 issue affects Jenkins 2.274 and earlier, and Jenkins LTS 2.263.1 and earlier, where graph rendering URLs do not cap the maximum graph size. This can allow crafted or user-requested URLs to exhaust memory, potentially causing Jenkins to experience out-of-memory errors (DoS). A f...

6.5CVSS6.7AI score0.01444EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.7 views

Cloudbees Jenkins 跨站脚本漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . A cross-site scripting...

6.1CVSS6.2AI score0.01185EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.8 views

Cloudbees Jenkins 跨站脚本漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A cross-site scripting vulnerabilit...

5.4CVSS5.9AI score0.01029EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.6 views

Cloudbees Jenkins 跨站脚本漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A cross-site scripting vulnerabilit...

5.4CVSS5.9AI score0.01029EPSS
Exploits0References8
NVD
NVD
added 2020/11/24 2:15 a.m.29 views

CVE-2020-15928

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...

5.3CVSS5.3AI score0.01708EPSS
Exploits0References1
OSV
OSV
added 2020/11/24 2:15 a.m.9 views

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

9.8CVSS7.5AI score0.04549EPSS
Exploits1References1
NVD
NVD
added 2020/11/24 2:15 a.m.28 views

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

9.8CVSS9.7AI score0.04549EPSS
Exploits1References1
OSV
OSV
added 2020/11/24 2:15 a.m.2 views

CVE-2020-15928

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...

5.3CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2020/11/24 1:41 a.m.38 views

CVE-2020-15928

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...

5.3AI score0.01708EPSS
Exploits0References1
Rows per page
Query Builder