Lucene search
K

35 matches found

Tenable Nessus
Tenable Nessus
added 2023/08/09 12:0 a.m.43 views

AlmaLinux 8 : nodejs:18 (ALSA-2023:4536)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4536 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x509...

7.5CVSS6.9AI score0.03906EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.34 views

AlmaLinux 9 : nodejs:18 (ALSA-2023:4330)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4330 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x509...

7.5CVSS6.9AI score0.03906EPSS
Exploits1References5
Veracode
Veracode
added 2023/07/23 4:52 a.m.31 views

HTTP Request Smuggling (HRS)

llhttp is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists because the http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting Line feed LF characters without a Carriage Return CR...

7.5CVSS6.8AI score0.03906EPSS
Exploits1References11Affected Software3
OSV
OSV
added 2023/07/01 12:30 a.m.34 views

GHSA-CGGH-PQ45-6H9X llhttp vulnerable to HTTP request smuggling

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.2AI score0.03906EPSS
Exploits1References13
AlpineLinux
AlpineLinux
added 2023/06/30 11:39 p.m.68 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.9AI score0.03906EPSS
Exploits1
Debian CVE
Debian CVE
added 2023/06/30 11:39 p.m.31 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.5AI score0.03906EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.3 views

SUSE CVE-2015-9096

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

5.3CVSS9.1AI score0.03675EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.25 views

CVE-2023-23950

User’s supplied input usually a CRLF sequence can be used to split a returning response into two responses...

6.4AI score0.00514EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-23950

User’s supplied input usually a CRLF sequence can be used to split a returning response into two responses...

7.1AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/14 12:0 a.m.33 views

CVE-2022-32214

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

7.4AI score0.77766EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/07/13 12:0 a.m.10 views

The vulnerability of the urllib2 module in the Python programming language, related to the failure to eliminate the crlf sequence, allows attackers to compromise data integrity.

The vulnerability of the urllib2 module in the Python programming language is related to the lack of measures taken to neutralize the crlf sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

6.1CVSS6.8AI score0.05328EPSS
Exploits1References9Affected Software3
CNVD
CNVD
added 2017/11/01 12:0 a.m.6 views

Ruby mail gem command injection vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. mail gem is one of the e-mail processing libraries. A command injection vulnerability exists in Ruby mail gem versions prior to 2.5.5. The vulnerability c...

6.1CVSS6.8AI score0.03358EPSS
Exploits1References1
Prion
Prion
added 2008/12/12 6:30 p.m.16 views

Cross site scripting

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has...

4.3CVSS6.2AI score0.11565EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2008/12/12 6:30 p.m.18 views

Cross site scripting

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has...

4.3CVSS6.3AI score0.11565EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2002/06/22 12:0 a.m.35 views

AdvServer DoS

Title: AdvServer DoS Date: 21.06.02 Author: elab http://elaboration.8bit.co.uk Software: AdvServer Platform: Win32 Tested: Version 1.030000 Vendor: WWW: http://gamecheats.ws Contacted on: 30 May 02 Via: [email protected] && website Response: Within 2 days WARNING: This advisory has NOTHING to do...

7.1AI score
Exploits0
Rows per page
Query Builder