Search Results | AttackerKB

Show filters

Topics 3 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2021-43766

Disclosure Date: August 25, 2022 (last updated October 08, 2023)

Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2021-23663

Disclosure Date: December 10, 2021 (last updated February 23, 2025)

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2014-3643

Disclosure Date: December 15, 2019 (last updated November 27, 2024)

jersey: XXE via parameter entities not disabled by the jersey SAX parser

Attack Vector: Network Privileges: None User Interaction: None

0