CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AlmaLinux•added 2024/05/22 12:0 a.m.•49 views

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 libX11: stack exhaustion from infinite recursion in PutSubImage CVE-2023-43786 libX11: integer overflow in XCreateImage leading to a heap overflow...

7.8CVSS7.2AI score0.001EPSS

Exploits1References8

IBM Security Bulletins•added 2024/05/11 4:57 p.m.•43 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.

Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...

7.5CVSS8.2AI score0.64852EPSS

Exploits6Affected Software1

Tenable Nessus•added 2024/05/11 12:0 a.m.•32 views

RHEL 7 : urllib3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect...

7.2AI score0.00223EPSS

Tenable Nessus•added 2024/04/26 12:0 a.m.•57 views

CentOS 9 : python-urllib3-1.26.5-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- urllib3-1.26.5-5.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...

4.2CVSS6.9AI score0.00056EPSS

CNNVD•added 2024/04/04 12:0 a.m.•1 views

Undici 安全漏洞

undici is an HTTP/1.1 client. A security vulnerability exists in Undici that stems from not clearing the Proxy-Authorization header when performing cross-domain redirects for dispatch, request, stream, pipeline, etc. Affected products and versions: Undici versions prior to 5.28.3, 6.0.0 through...

4.3CVSS6.3AI score0.00198EPSS

Exploits0References8

OSV•added 2024/03/26 2:50 a.m.•14 views

CVE-2024-29189 ansys-geometry-core OS Command Injection vulnerability

PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/productinstance.py, upon calling this method startprogram directly, users could exploit its usage to perform malicious operations on the current...

7.4CVSS7.1AI score0.00118EPSS

Exploits1References9

CVE•added 2024/03/26 2:50 a.m.•60 views

CVE-2024-29189

CVE-2024-29189 affects the PyAnsys Geometry library (ansys-geometry-core) and specifically the internal _start_program routine in src/ansys/geometry/core/connection/product_instance.py. The vulnerability arises from invoking subprocess.Popen with a shell context (shell flag enables shell executio...

7.8CVSS7.2AI score0.00118EPSS

Exploits1References7Affected Software1

Cvelist•added 2024/03/26 2:50 a.m.•13 views

CVE-2024-29189 ansys-geometry-core OS Command Injection vulnerability

7.4CVSS7.5AI score0.00118EPSS

Exploits1References7

Tenable Nessus•added 2024/03/21 12:0 a.m.•29 views

EulerOS Virtualization 2.11.1 : python-urllib3 (EulerOS-SA-2024-1407)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

OpenVAS•added 2024/03/21 12:0 a.m.•26 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1435)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.7AI score0.0095EPSS

Tenable Nessus•added 2024/03/14 12:0 a.m.•24 views

EulerOS Virtualization 2.10.1 : python-urllib3 (EulerOS-SA-2024-1369)

Tenable Nessus•added 2024/03/14 12:0 a.m.•23 views

EulerOS Virtualization 2.10.0 : python-urllib3 (EulerOS-SA-2024-1390)

Tenable Nessus•added 2024/03/12 12:0 a.m.•45 views

EulerOS 2.0 SP8 : python-pip (EulerOS-SA-2024-1295)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in...

8.1CVSS7AI score0.0095EPSS

OpenVAS•added 2024/03/12 12:0 a.m.•28 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)