1115 matches found

OSV
added 2023/01/27 3:15 p.m. | 3 views

CVE-2022-48069

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter...

7.5 CVSS | 5.8 AI score | 0.01358 EPSS
Exploits 1 | References 1

CNNVD
added 2023/01/27 12:0 a.m. | 4 views

TOTOLINK A830R OS Command Injection Vulnerability

The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERYSTRING...

7.5 CVSS | 7.5 AI score | 0.01358 EPSS
Exploits 1 | References 3

OSV
added 2023/01/18 5:15 p.m. | 17 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9 CVSS | 5.5 AI score | 0.00433 EPSS
Exploits 0 | References 1

NVD
added 2023/01/18 5:15 p.m. | 14 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9 CVSS | 5.5 AI score | 0.00433 EPSS
Exploits 0 | References 1

OSV
added 2023/01/18 5:15 p.m. | 1 views

DEBIAN-CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9 CVSS | 6.1 AI score | 0.00433 EPSS
Exploits 0 | References 1

Cvelist
added 2023/01/18 12:0 a.m. | 32 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.7 AI score | 0.00433 EPSS
Exploits 0 | References 1

CVE
added 2023/01/18 12:0 a.m. | 130 views

CVE-2022-3100

The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...

5.9 CVSS | 5.4 AI score | 0.00433 EPSS
Exploits 0 | References 1 | Affected Software 1

Debian CVE
added 2023/01/18 12:0 a.m. | 24 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9 CVSS | 6.1 AI score | 0.00433 EPSS
Exploits 0

OSV
added 2023/01/11 2:41 p.m. | 5 views

SUSE-SU-2023:0071-1 Security update for openstack-barbican

This update for openstack-barbican contains the following fix: Security fix included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection bsc1203873. Update for openstack-barbican: - Add patch for CVE-2022-3100 to address access policy bypa...

5.9 CVSS | 6.4 AI score | 0.00433 EPSS
Exploits 0 | References 3

Huntr
added 2022/12/30 12:5 p.m. | 12 views

HTTP Query String Injection

Description: The application does not properly sanitize query string parameters in the cloudflare-kv-http, github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the...

0.7 AI score
Exploits 0 | References 2

CNNVD
added 2022/12/13 12:0 a.m. | 2 views

AeroCMS SQL Injection Vulnerability

AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a SQL injection vulnerability that stems from the vulnerability of the Approve parameter of the CMS system to SQL injection attacks. An attacker can exploit this vulnerability by insertin...

7.2 CVSS | 8 AI score | 0.00854 EPSS
Exploits 1 | References 2

Veracode
added 2022/11/28 5:6 a.m. | 29 views

Denial Of Service (DoS)

qs is vulnerable to denial of service. The vulnerability exists in the parseObject function of parse.js due to lack of checks for attributes like __proto__ in the query string of the URL, which allows an attacker to cause an application crash by providing malicious payload...

7.5 CVSS | 8.1 AI score | 0.14663 EPSS
Exploits 2 | References 16 | Affected Software 4

vulnersOsv
added 2022/11/27 12:30 a.m. | 2 views

01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +3839 more potentially affected by CVE-2022-24999 via qs (>=6.5.0 <=6.5.2)

qs NPM version =6.5.0, =1.0.0, =0.2.0, =0.1.0, =1.0.0, =1.0.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =1.0.0, =12.1.0, =6.0.0, =7.12.0 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...

7.5 CVSS | 7.3 AI score | 0.14663 EPSS
Exploits 2

OSV
added 2022/11/27 12:30 a.m. | 3 views

GHSA-HRPP-H998-J3PP qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an __proto__ key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as...

7.5 CVSS | 7.1 AI score | 0.14663 EPSS
Exploits 2 | References 16

Github Security Blog
added 2022/11/27 12:30 a.m. | 102 views

qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an __proto__ key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as...

7.5 CVSS | 4.3 AI score | 0.14663 EPSS
Exploits 2 | References 16 | Affected Software 1

OSV
added 2022/11/26 10:15 p.m. | 2 views

DEBIAN-CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5 CVSS | 7.7 AI score | 0.14663 EPSS
Exploits 2 | References 1

NVD
added 2022/11/26 10:15 p.m. | 18 views

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5 CVSS | 0.14663 EPSS
Exploits 2 | References 5

OSV
added 2022/11/26 10:15 p.m. | 2 views

AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5 CVSS | 7.2 AI score | 0.14663 EPSS
Exploits 2 | References 1

OSV
added 2022/11/26 10:15 p.m. | 2 views

AZL-44307 CVE-2022-24999 affecting package nodejs-nodemon 2.0.3-5

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5 CVSS | 6.7 AI score | 0.14663 EPSS
Exploits 2 | References 1

OSV
added 2022/11/26 10:15 p.m. | 35 views

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5 CVSS | 8.3 AI score | 0.14663 EPSS
Exploits 2 | References 5