402 matches found

Positive Technologies
added 2022/03/28 12:00 a.m. · 4 views

PT-2022-17492 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 2.13.0. Description: The issue allows an attacker to bypass body schema validation in the request-validation plugin by passing a JSON document with a duplicate key. This can be achieved by sending a JSON payload such as...

CVSS 9.8 · AI score 9.4 · EPSS 0.02384
Exploits: 0 · References: 6
CNNVD
added 2022/03/28 12:00 a.m. · 3 views

Apache Apisix Input Validation Error Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd, and provides dynamic routing and plugin hot-loading for API management in microservice systems. An attacker could use this vulnerability to bypass the body schema...

CVSS 9.8 · AI score 5.7 · EPSS 0.02384
Exploits: 0 · References: 4
CNVD
added 2022/03/18 12:00 a.m. · 25 views

Waitress Environmental Issues Vulnerability (CNVD-2022-21483)

Waitress is a WSGI (Web Server Gateway Interface) server for Python. Waitress 2.1.0 and earlier versions are vulnerable to an environmental issue that stems from the software's inability to properly validate incoming HTTP requests for compliance, which allows smuggling through a front-end agent...

CVSS 7.5 · AI score 1.7 · EPSS 0.01786
Exploits: 0 · References: 1
CNNVD
added 2022/01/14 12:00 a.m. · 2 views

livehelperchat Cross-Site Request Forgery Vulnerability

livehelperchat (Live Helper Chat) is a free application for providing live support chat on a website. A cross-site request forgery vulnerability exists in livehelperchat, which stems from the web application not adequately validating that a request is coming from a trusted...

CVSS 6.5 · AI score 5.5 · EPSS 0.00512
Exploits: 1 · References: 4
CNNVD
added 2022/01/13 12:00 a.m. · 3 views

Phoronix Test Suite Cross-Site Request Forgery Vulnerability

Phoronix Test Suite is an open source, cross-platform automated testing/benchmarking software suite. Phoronix Test Suite suffers from a cross-site request forgery vulnerability that stems from the web application not adequately validating that a request is coming from a trusted...

CVSS 8.8 · AI score 6.5 · EPSS 0.00736
Exploits: 1 · References: 6
CNVD
added 2021/12/28 12:00 a.m. · 17 views

showdoc Cross-site Request Forgery Vulnerability (CNVD-2022-02730)

showdoc is an open source tool ideal for IT teams to share documents online. showdoc suffers from a cross-site request forgery vulnerability, which stems from the web application not sufficiently validating that a request is from a trusted user. An attacker could use this vulnerability to...

CVSS 8.8 · AI score 3.6 · EPSS 0.00614
Exploits: 1 · References: 1
OSV
added 2021/12/20 11:54 a.m. · 3 views

SUSE-SU-2021:4121-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:
- CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length, leading to an out-of-bounds memory write (bsc#1190487).
- CVE-2021-4011: The handlers for the...

CVSS 7.8 · AI score 7.6 · EPSS 0.00571
Exploits: 0 · References: 5
BDU FSTEC
added 2021/12/07 12:00 a.m. · 3 views

The vulnerability in the vSphere Web Client (FLEX/Flash) component, which manages virtual infrastructure, affects both VMware vCenter Server and VMware Cloud Foundation. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability in the vSphere Web Client (FLEX/Flash) component of the VMware vCenter Server and VMware Cloud Foundation management tools is due to insufficient validation of incoming requests. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

CVSS 6.5 · AI score 7.7 · EPSS 0.01673
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2021/11/25 12:00 a.m. · 1 view

The vulnerability in the HTTP or FTP protocol implementation of the console-based graphics editor ImageMagick allows an attacker to perform an SSRF attack.

The vulnerability in the HTTP or FTP protocol implementation of the console-based graphics editor ImageMagick is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to carry out an SSRF attack...

CVSS 7.4 · AI score 6.2 · EPSS 0.76897
Exploits: 4 · References: 21 · Affected Software: 17
CNNVD
added 2021/11/16 12:00 a.m. · 3 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The Push Notifications plugin for WordPress...

CVSS 8.8 · AI score 6.5 · EPSS 0.00653
Exploits: 0 · References: 6
CNVD
added 2021/10/31 12:00 a.m. · 18 views

firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2022-19846)

firefly-iii is free and open source personal finance software. firefly-iii suffers from a cross-site request forgery vulnerability, which originates when the web application does not sufficiently validate that a request is from a trusted user, and can be exploited by an attacker to send an...

CVSS 8.8 · AI score 3.9 · EPSS 0.00536
Exploits: 1 · References: 1
CNNVD
added 2021/10/27 12:00 a.m. · 2 views

firefly-iii Cross-Site Request Forgery Vulnerability

firefly-iii is free and open source personal finance software. firefly-iii suffers from a cross-site request forgery vulnerability, which originates when the web application does not sufficiently validate that a request is from a trusted user, and can be exploited by an attacker to send an...

CVSS 8.8 · AI score 5.5 · EPSS 0.00536
Exploits: 1 · References: 3
OSV
added 2021/10/22 6:00 p.m. · 4 views

CLSA-2021-1634925634 Fixed 9 CVEs in squid34

- CVE-2020-15049: fix incorrect validation of the Content-Length field leading to HTTP smuggling and poisoning attacks
- CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service
- CVE-2020-25097: fix improper input validation allowing HTTP smuggling from a trusted client
- ...

CVSS 9.9 · AI score 6.9 · EPSS 0.7179
Exploits: 1 · References: 1
OSV
added 2021/10/22 5:59 p.m. · 3 views

CLSA-2021-1634925554 Fixed CVEs in squid: CVE-2020-8517, CVE-2020-8450, CVE-2020-8449

- CVE-2020-8449: fix improper HTTP request validation allowing access to resources which are prohibited by security filters
- CVE-2020-8450: fix incorrect buffer management leading to buffer overflow
- CVE-2020-8517: fix incorrect input validation allowing writing outside of a buffer and leading to...

CVSS 7.5 · AI score 6 · EPSS 0.7179
Exploits: 0 · References: 1
CNNVD
added 2021/10/14 12:00 a.m. · 3 views

Kindeditor Cross-Site Request Forgery Vulnerability

Kindeditor is a lightweight open source web-based HTML rich text editor from the Kindeditor community. KindEditor suffers from a cross-site request forgery vulnerability, which stems from the web application not adequately validating that requests come from trusted users. An attacker could...

CVSS 8.8 · AI score 5.5 · EPSS 0.00957
Exploits: 1 · References: 2
BDU FSTEC
added 2021/09/30 12:00 a.m. · 1 view

The vulnerability in the virtual infrastructure monitoring tool vRealize Operations, the VMware Cloud Foundation virtualization platform, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.

The vulnerability in the virtual infrastructure monitoring tool vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.00967
Exploits: 1 · References: 3 · Affected Software: 3
BDU FSTEC
added 2021/09/30 12:00 a.m. · 1 view

The vulnerability in the mod_proxy module of the Apache HTTP Server allows a hacker to perform an SSRF attack.

The vulnerability in the mod_proxy module of the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

CVSS 9.8 · AI score 7 · EPSS 0.99999
Exploits: 5 · References: 23 · Affected Software: 9
BDU FSTEC
added 2021/09/23 12:00 a.m. · 3 views

The vulnerability in the virtual infrastructure monitoring tool vRealize Operations, the VMware Cloud Foundation virtualization platform, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.

The vulnerability in the virtual infrastructure monitoring tool vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability...

CVSS 7.5 · AI score 5.9 · EPSS 0.01098
Exploits: 0 · References: 3 · Affected Software: 3
BDU FSTEC
added 2021/09/23 12:00 a.m. · 2 views

The vulnerability in the virtual infrastructure monitoring tool vRealize Operations, the VMware Cloud Foundation virtualization platform, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.

The vulnerability in the virtual infrastructure monitoring tool vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability...

CVSS 7.5 · AI score 7.4 · EPSS 0.01005
Exploits: 0 · References: 3 · Affected Software: 3
BDU FSTEC
added 2021/09/23 12:00 a.m. · 3 views

The vulnerability in the table_population.php file of the Nagios XI Docker Wizard monitoring tool allows a hacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the table_population.php file of the Nagios XI Docker Wizard tool is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information...

CVSS 10 · AI score 8 · EPSS 0.02943
Exploits: 0 · References: 3 · Affected Software: 1