Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:Client Server (technology class) Weaknesses
ID:BOSS-303
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
110Vulnerabilities found
CVE-2022-27662
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.49%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:29
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-traffix_signaling_delivery_controllerTraffix SDC
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CVE-2021-38447
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.09% / 26.84%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 15:18
Updated-16 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OCI OpenDDS Secure Amplification

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.

Action-Not Available
Vendor-objectcomputingOCI
Product-openddsOpenDDS
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CVE-2022-29820
Assigner-JetBrains s.r.o.
ShareView Details
Assigner-JetBrains s.r.o.
CVSS Score-3||LOW
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 09:55
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-pycharmPyCharm
CWE ID-CWE-1327
Binding to an Unrestricted IP Address
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-0944
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-56.66% / 98.03%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 01:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

Action-Not Available
Vendor-sqlpadsqlpad
Product-sqlpadsqlpad/sqlpad
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-0896
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.96% / 75.50%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 11:20
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-0323
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.

Action-Not Available
Vendor-mustache_projectbobthecow
Product-mustachebobthecow/mustache.php
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-39128
Assigner-Atlassian
ShareView Details
Assigner-Atlassian
CVSS Score-7.2||HIGH
EPSS-0.71% / 71.39%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 05:20
Updated-11 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira ServerJira Data Centerjira_serverjira_data_center
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-21359
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.56% / 84.94%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 01:55
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Page Error Handling

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3TYPO3.CMS
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CVE-2019-11479
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-5.3||MEDIUM
EPSS-13.51% / 93.95%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 23:34
Updated-16 Sep, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncF5, Inc.
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxvirtualization_hostbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemiworkflowbig-ip_application_security_managerbig-ip_edge_gatewaylinux_kernelbig-ip_link_controllerbig-iq_centralized_managemententerprise_managerbig-ip_access_policy_managertraffix_signaling_delivery_controllerbig-ip_advanced_firewall_managerLinux kernel
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-15492
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.93%
||
7 Day CHG~0.00%
Published-18 Aug, 2018 | 02:00
Updated-05 Aug, 2024 | 09:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

Action-Not Available
Vendor-gemalton/a
Product-sentinel_license_managern/a
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
  • Previous
  • 1
  • 2
  • 3
  • Next