Syntax errors
parent
d6f1309064
commit
f15b856426
|
@ -4,7 +4,7 @@ info:
|
|||
name: Oracle E-Business Suite - Blind SSRF
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Oracle E-Business Suite, Application Management Pack component (subcomponent: User Monitoring), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.
|
||||
description: Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.
|
||||
reference:
|
||||
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
|
||||
- http://web.archive.org/web/20211206102649/https://securitytracker.com/id/1041897
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Jira <8.4.0 - Server-Side Request Forgery
|
||||
author: TechbrunchFR
|
||||
severity: medium
|
||||
description: Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations.
|
||||
description: Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
|
||||
- https://jira.atlassian.com/browse/JRASERVER-69793
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Artica Pandora FMS <=7.42 - Arbitrary File Read
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.
|
||||
description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.
|
||||
reference:
|
||||
- https://k4m1ll0.com/cve-2020-8497.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-8497
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: GitLab CE/EE - Information Disclosure
|
||||
author: GitLab Red Team
|
||||
severity: critical
|
||||
description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.
|
||||
description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.
|
||||
reference:
|
||||
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
|
||||
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: For3stCo1d
|
||||
severity: critical
|
||||
description: |
|
||||
Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-42233
|
||||
|
|
Loading…
Reference in New Issue