CVSS: 8.8 EPSS: 0% CPEs: 1 EXPL: 0

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making HTTP requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. • https://github.com/getredash/redash/commit/61bbb5aa7a23a93f2f93710005f71bc972826099 https://github.com/getredash/redash/security/advisories/GHSA-fcpv-hgq6-87h7 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 EPSS: 0% CPEs: 4 EXPL: 0

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. ... • http://www.securityfocus.com/bid/103166 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b56f598f1bc04f5d00f13b38c713763928cedb7c https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-09.html • CWE-476: NULL Pointer Dereference

CVSS: 4.7 EPSS: 0% CPEs: 2 EXPL: 0

Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. • http://osvdb.org/40826 http://osvdb.org/40827 http://secunia.com/advisories/27867 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102947-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200182-1 http://www.securityfocus.com/bid/26653 http://www.securitytracker.com/id?1019025 http://www.vupen.com/english/advisories/2007/4043 https://exchange.xforce.ibmcloud.com/vulnerabilities/38767 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')