825 matches found
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
Nextcloud: [nextcloud/mail] Blind SSRF to Internal Network via "List-Unsubscribe" SMTP Header when allow_local_remote_servers is allowed
Vulnerability description not provided...
CVE-2021-32007
This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers...
h2: Loading of custom classes from remote servers through JNDI
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...
K000148693: libssh2 vulnerability CVE-2015-1782
Security Advisory Description The kexagreemethods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service crash or have other unspecified impact via crafted length values in an SSHMSGKEXINIT packet. CVE-2015-1782 Impact There is no impact; F5 products are not affected ...
Exploit for OS Command Injection in Php
CVE-2024-4577 RCE Exploit While implementing PHP, the team d...
The Samba AD DC administration tool when operating against a remote LDAP server will by default send new or reset passwords over a signed-only connection.
...
BIT-PYTHON-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
CVE-2023-50178
FortiADC is affected by an improper certificate validation vulnerability (CWE-295) that may allow remote, unauthenticated attackers to perform a Man-in-the-Middle on the channel between FortiADC devices and remote servers (e.g., private SDN connectors, FortiToken Cloud). Connected sources consist...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to improper validation of remote server requests in shared channels with multiple connected remote servers, allowing a malicious remote server to change the profile images of users belonging...
CVE-2024-36257 Lack of permission check when updating the profile picture of a remote user (shared channels enabled)
Mattermost versions 9.5.x = 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious...
PT-2024-26936 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue arises when Mattermost is used with shared channels and multiple remote servers are connected. In such cases, the system fails to verify that the remote...
Conduit Security Vulnerabilities
Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in versions prior to Conduit v0.8.0 that stems from an unauthenticated source in the federated API, resulting in any remote server being able to impersonate any user in a...
RHEL 5 : libxrandr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXrandr: Insufficient validation of server responses result in various data mishandlings CVE-2016-7948 ...
RHEL 6 : libvncserver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c CVE-2018-7225 -...
RHEL 7 : libxtst (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXtst: Insufficient validation of server responses result in Integer overflows CVE-2016-7951 - X.org...
RHEL 7 : libvncserver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Multiple heap out-of-bound writes in VNC client code Incomplete fix for CVE-2018-20019...
CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...
CVE-2024-35183
CVE-2024-35183 affects wolfictl (Wolfi) and involves a git authentication issue in versions before 0.16.10. The vulnerability arises from a GetGitAuth flow that reads a GitHub token from the GITHUB_TOKEN environment variable and uses it for HTTP basic auth with go-git, in cases where the remote r...
CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...