Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-44593 | 1 Solidwp | 1 Solid Security | 2024-06-24 | 5.3 Medium |
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1. | ||||
CVE-2024-27773 | 2024-06-20 | 8.8 High | ||
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE | ||||
CVE-2024-23105 | 1 Fortinet | 1 Fortiportal | 2024-06-04 | 7.5 High |
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets. | ||||
CVE-2022-31813 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2023-11-07 | 9.8 Critical |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. | ||||
CVE-2023-35906 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-09-08 | 7.5 High |
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. | ||||
CVE-2022-2255 | 2 Debian, Modwsgi | 2 Debian Linux, Mod Wsgi | 2022-10-01 | 7.5 High |
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. | ||||
CVE-2021-21373 | 1 Nim-lang | 1 Nim | 2021-03-31 | 5.9 Medium |
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. | ||||
CVE-2021-21374 | 1 Nim-lang | 1 Nim | 2021-03-30 | 8.1 High |
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. |
Page 1 of 1.