Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

CVE-2021-44139: Report a Sentinel Security Vulnerability about SSRF · Issue #2451 · alibaba/Sentinel

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).

CVE
Open in Source
#vulnerability#mac#apache#git#java#kubernetes
CVE-2021-44759

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.

CVE-2022-0842: Security Bulletin - ePolicy Orchestrator update addresses multiple product vulnerabilities (CVE-2022-0842, CVE-2022-0857, CVE-2022-0858, CVE-2022-0859, CVE-2022-0861, CVE-2022-0862) and updates Java,

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.

CVE-2021-44759

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.

RHSA-2022:1013: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update

A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-8908: guava: local information disclosure via temporary directory created with unsafe permissions * CVE-2020-15522: bouncycastle: Timing issue within the EC math library * CVE-2021-2471: mysql-connector-java: unauthorized access to critical * CVE-2021-417...

CVE-2022-26285: Multiple-SQLi-in-Simple-Subscription-Company/apply_sqli.py at main · Dir0x/Multiple-SQLi-in-Simple-Subscription-Company

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

CVE-2022-26283: Multiple-SQLi-in-Simple-Subscription-Company/view_plan_sqli.py at main · Dir0x/Multiple-SQLi-in-Simple-Subscription-Company

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

CVE-2022-26284: SQLi-exploit---Simple-Client-Management-System/manage_client_sqli.py at main · Dir0x/SQLi-exploit---Simple-Client-Management-System

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

CVE-2022-23352: cve-pocs/CVE-2022-23352 at master · bzyo/cve-pocs

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).

CVE-2022-27246: new: add setting for allowing svg org logos · MISP/MISP@08a07a3

An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.