
2156 matches found

FreeBSD
added 2021/12/20 12:0 a.m., 128 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moderate: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224). A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for...

CVSS 9.8, AI score 0.8, EPSS 0.97108
Exploits: 4, References: 1

RedHat Linux
added 2021/12/13 3:29 p.m., 3 views

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

CVSS 5.3, AI score 7.2, EPSS 0.0226
Exploits: 1, References: 5

RedhatCVE
added 2021/12/13 6:3 a.m., 46 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVSS 4.3, AI score 1.9, EPSS 0.57991
Exploits: 0, References: 4

Tenable Nessus
added 2021/12/13 12:0 a.m., 64 views

FreeBSD : Grafana -- XSS (4b478274-47a0-11ec-bd24-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4b478274-47a0-11ec-bd24-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. In affected versions if an...

CVSS 6.9, AI score 7.7, EPSS 0.84607
Exploits: 0, References: 3

NVD
added 2021/12/10 9:15 p.m., 24 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3, EPSS 0.01773
Exploits: 0, References: 7

OSV
added 2021/12/10 9:15 p.m., 28 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3, AI score 6.5
Exploits: 0, References: 7

UbuntuCve
added 2021/12/10 9:15 p.m., 25 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3, AI score 6.7, EPSS 0.01773
Exploits: 0, References: 7

Prion
added 2021/12/10 9:15 p.m., 27 views

Directory traversal

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 3.5, AI score 4.7, EPSS 0.01773
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2021/12/10 9:15 p.m., 3 views

UBUNTU-CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3, AI score 6.9, EPSS 0.01773
Exploits: 0, References: 8

CVE
added 2021/12/10 8:40 p.m., 188 views

CVE-2021-43815

CVE-2021-43815 affects Grafana where an authenticated user could perform a directory traversal to read arbitrary *.csv files via the /api/ds/query path. Affected versions are Grafana 8.0.0-beta3 through 8.3.1 (and related impact notes). The issue is limited to instances with the TestData DB data ...

CVSS 4.3, AI score 4.8, EPSS 0.01773
Exploits: 0, References: 7, Affected Software: 1

AlpineLinux
added 2021/12/10 8:40 p.m., 34 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3, AI score 4.9, EPSS 0.01773
Exploits: 0

Prion
added 2021/12/10 6:15 p.m., 24 views

Directory traversal

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVSS 4, AI score 4.5, EPSS 0.57991
Exploits: 0, References: 8, Affected Software: 1

UbuntuCve
added 2021/12/10 6:15 p.m., 36 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVSS 4.3, AI score 6.8, EPSS 0.57991
Exploits: 0, References: 8

OSV
added 2021/12/10 6:15 p.m., 1 views

UBUNTU-CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVSS 4.3, AI score 6.9, EPSS 0.57991
Exploits: 0, References: 9

AlpineLinux
added 2021/12/10 5:30 p.m., 55 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVSS 4.3, AI score 5.3, EPSS 0.57991
Exploits: 0

CNNVD
added 2021/12/10 12:0 a.m., 2 views

Grafana path traversal vulnerability

Grafana is an open-source set of monitoring tools from Grafana that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana suffers from a path traversal vulnerability that stems from the fact that Grafana prior to...

CVSS 4.3, AI score 7, EPSS 0.57991
Exploits: 0, References: 20

RedHat Linux
added 2021/11/30 2:28 p.m., 7 views

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

CVSS 5.3, AI score 7.2, EPSS 0.75353
Exploits: 1, References: 4

RedHat Linux
added 2021/11/30 2:25 p.m., 3 views

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

CVSS 5.3, AI score 7.2, EPSS 0.75353
Exploits: 1, References: 4

OSV
added 2021/11/23 9:58 p.m., 34 views

GHSA-3HFW-X7GX-437C Path traversal in Matrix Synapse

Impact: Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. The last two directories and file name of the path are chosen randomly by Synapse and cannot be...

CVSS 8.7, AI score 7.4, EPSS 0.01514
Exploits: 0, References: 8

OSV
added 2021/11/23 8:15 p.m., 16 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVSS 7.5, AI score 7.7
Exploits: 0, References: 5