Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-8812

Summary
Assigner-debian
Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At-15 Nov, 2017 | 08:00
Updated At-05 Aug, 2024 | 16:48
Rejected At-
Credits

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:debian
Assigner Org ID:79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At:15 Nov, 2017 | 08:00
Updated At:05 Aug, 2024 | 16:48
Rejected At:
â–¼CVE Numbering Authority (CNA)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Affected Products
Vendor
n/a
Product
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2
Versions
Affected
  • MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2
Problem Types
TypeCWE IDDescription
textN/Agreater than injection
Type: text
CWE ID: N/A
Description: greater than injection
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039812
vdb-entry
x_refsource_SECTRACK
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4036
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securitytracker.com/id/1039812
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.debian.org/security/2017/dsa-4036
Resource:
vendor-advisory
x_refsource_DEBIAN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039812
vdb-entry
x_refsource_SECTRACK
x_transferred
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
x_refsource_CONFIRM
x_transferred
https://www.debian.org/security/2017/dsa-4036
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039812
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4036
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@debian.org
Published At:15 Nov, 2017 | 08:29
Updated At:13 May, 2026 | 00:24

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Wikimedia Foundation
mediawiki
>>mediawiki>>Versions up to 1.27.3(inclusive)
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.28.0
cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.28.1
cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.28.2
cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.29.0
cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.29.1
cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securitytracker.com/id/1039812security@debian.org
Third Party Advisory
VDB Entry
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.htmlsecurity@debian.org
Mailing List
Patch
Vendor Advisory
https://www.debian.org/security/2017/dsa-4036security@debian.org
Third Party Advisory
http://www.securitytracker.com/id/1039812af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
Vendor Advisory
https://www.debian.org/security/2017/dsa-4036af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.securitytracker.com/id/1039812
Source: security@debian.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
Source: security@debian.org
Resource:
Mailing List
Patch
Vendor Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4036
Source: security@debian.org
Resource:
Third Party Advisory
Hyperlink: http://www.securitytracker.com/id/1039812
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Vendor Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4036
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

220Records found
CVE-2019-16792
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.85% / 75.33%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 18:30
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP Request Smuggling: Content-Length Sent Twice in Waitress

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Action-Not Available
Vendor-agendalessPylonsOracle CorporationDebian GNU/Linux
Product-communications_cloud_native_core_network_function_cloud_native_environmentwaitressdebian_linuxWaitress
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-16786
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.80% / 74.39%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 23:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Action-Not Available
Vendor-agendalessPylonsOracle CorporationRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-debian_linuxcommunications_cloud_native_core_network_function_cloud_native_environmentopenstackfedorawaitressWaitress
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-16869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.99% / 94.72%
||
7 Day CHG-0.34%
Published-26 Sep, 2019 | 15:28
Updated-07 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.The Netty ProjectRed Hat, Inc.
Product-nettyubuntu_linuxjboss_enterprise_application_platformdebian_linuxenterprise_linuxn/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-16235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.24%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 18:57
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.

Action-Not Available
Vendor-dinon/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoradinon/a
CWE ID-CWE-346
Origin Validation Error
CVE-2019-15523
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.67% / 71.70%
||
7 Day CHG~0.00%
Published-30 Dec, 2020 | 20:04
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

Action-Not Available
Vendor-linbitn/aDebian GNU/Linux
Product-debian_linuxcsync2n/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2019-16237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 62.56%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 18:56
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.

Action-Not Available
Vendor-dinon/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoradinon/a
CWE ID-CWE-346
Origin Validation Error
CVE-2018-8040
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-7.83% / 92.16%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2019-16276
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.76% / 92.13%
||
7 Day CHG-2.08%
Published-30 Sep, 2019 | 18:40
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectDebian GNU/LinuxGoopenSUSERed Hat, Inc.
Product-debian_linuxdeveloper_toolscloud_insights_telegraf_agentopenshift_container_platformfedoraenterprise_linuxgoenterprise_linux_eusleapn/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2018-6794
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-37.43% / 97.28%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 05:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

Action-Not Available
Vendor-suricata-idsn/aDebian GNU/Linux
Product-debian_linuxsuricatan/a
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-37149
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.36% / 80.58%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 15:20
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Request Smuggling - multiple attacks

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37147
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.89% / 75.97%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 15:20
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Request Smuggling - LF line ending

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9066
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-1.41% / 80.89%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-debian_linuxwordpressn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2017-8815
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.80%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWikimedia Foundation
Product-mediawikidebian_linuxMediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2
CWE ID-CWE-20
Improper Input Validation
CVE-2021-35197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 73.13%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 12:28
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).

Action-Not Available
Vendor-n/aDebian GNU/LinuxWikimedia FoundationFedora Project
Product-debian_linuxmediawikifedoran/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-35564
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.33%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JREdebian_linuxopenjdkgraalvmfedoraoncommand_insight
CVE-2022-27782
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.96%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 00:00
Updated-27 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)CURLDebian GNU/Linux
Product-universal_forwardercurldebian_linuxhttps://github.com/curl/curl
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-3735
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-38.62% / 97.34%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Action-Not Available
Vendor-Debian GNU/LinuxOpenSSL
Product-debian_linuxopensslOpenSSL
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17847
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.80%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.

Action-Not Available
Vendor-enigmailn/aDebian GNU/Linux
Product-debian_linuxenigmailn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-21305
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.55%
||
7 Day CHG-0.01%
Published-19 Jan, 2022 | 11:23
Updated-27 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-cloud_secure_agentsantricity_unified_managerhci_management_nodeoncommand_workflow_automationsolidfirejdk7-mode_transition_toolgraalvmdebian_linuxopenjdksnapmanagere-series_santricity_web_servicese-series_santricity_storage_managerjreoncommand_insightsantricity_storage_plugine-series_santricity_os_controlleractive_iq_unified_managercloud_insights_acquisition_unitJava SE JDK and JRE
CWE ID-CWE-284
Improper Access Control
CVE-2012-4380
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.55% / 68.47%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found