
1629 matches found

UbuntuCve
added 2022/06/27 10:15 p.m., 39 views

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVSS 7.7, AI score 7, EPSS 0.01424
Exploits 0, References 4

Vulnrichment
added 2022/06/27 12:0 a.m., 7 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

CVSS 7.7, AI score 7.4, EPSS 0.01149
Exploits 0, References 4

Debian CVE
added 2022/06/27 12:0 a.m., 52 views

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVSS 7.7, AI score 7.4, EPSS 0.01424
Exploits 0

Cvelist
added 2022/06/27 12:0 a.m., 34 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

CVSS 7.7, AI score 7.8, EPSS 0.01149
Exploits 0, References 4

CVE
added 2022/06/27 12:0 a.m., 131 views

CVE-2022-31090

CVE-2022-31090 affects Guzzle (PHP HTTP client): when using the Curl handler, a request following a redirect to a different origin can keep the CURLOPT_HTTPAUTH-injected Authorization header, enabling potential exposure of sensitive credentials. Root cause: the Authorization header is not cleared...

CVSS 7.7, AI score 7.4, EPSS 0.01424
Exploits 0, References 4, Affected Software 1

CVE
added 2022/06/27 12:0 a.m., 114 views

CVE-2022-31091

CVE-2022-31091 affects the Guzzle HTTP client. When following redirects that change port (or scheme/host), the request may inappropriately retain sensitive headers (Authorization, Cookie). The issue is that a redirect to a URI with a different port previously did not trigger header removal for sc...

CVSS 7.7, AI score 7.5, EPSS 0.01149
Exploits 0, References 4, Affected Software 1

NVD
added 2022/06/10 12:15 a.m., 18 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, EPSS 0.01808
Exploits 0, References 5

NVD
added 2022/06/10 12:15 a.m., 21 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, EPSS 0.01808
Exploits 0, References 5

UbuntuCve
added 2022/06/10 12:15 a.m., 40 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7, EPSS 0.01808
Exploits 0, References 5

Prion
added 2022/06/10 12:15 a.m., 29 views

Open redirect

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 5, AI score 7.6, EPSS 0.01808
Exploits 0, References 5, Affected Software 3

UbuntuCve
added 2022/06/10 12:15 a.m., 46 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.1, EPSS 0.01808
Exploits 0, References 5

Tenable Nessus
added 2022/06/10 12:0 a.m., 47 views

Amazon Linux AMI : python27 (ALAS-2022-1593)

The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...

CVSS 9.8, AI score 7.2, EPSS 0.37325
Exploits 4, References 13

Cvelist
added 2022/06/09 12:0 a.m., 31 views

CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.7, EPSS 0.01808
Exploits 0, References 5

CVE
added 2022/06/09 12:0 a.m., 132 views

CVE-2022-31042

Guzzle CVE-2022-31042 affects the handling of Cookie headers during redirects (https→http or host changes). The issue was fixed by stripping cookies on redirects and re-adding only safe cookies via the cookie middleware. Affected versions require upgrades: Guzzle 7 should move to 7.4.4 or later, ...

CVSS 7.5, AI score 7.6, EPSS 0.01808
Exploits 0, References 5, Affected Software 1

CVE
added 2022/06/09 12:0 a.m., 127 views

CVE-2022-31043

CVE-2022-31043 affects the PHP HTTP client Guzzle. The vulnerability arises when a request uses HTTPS and the server redirects to an HTTP URI, causing the Authorization header to be forwarded when it should be stripped. Prior fixes removed the header for host changes but not for scheme changes, ...

CVSS 7.5, AI score 7.5, EPSS 0.01808
Exploits 0, References 5, Affected Software 1

Debian CVE
added 2022/06/09 12:0 a.m., 41 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.5, EPSS 0.01808
Exploits 0

Debian CVE
added 2022/06/09 12:0 a.m., 42 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7.6, EPSS 0.01808
Exploits 0

Cvelist
added 2022/06/09 12:0 a.m., 37 views

CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7.8, EPSS 0.01808
Exploits 0, References 5

0day.today
added 2022/06/09 12:0 a.m., 732 views

Atlassian Confluence Namespace OGNL Injection Exploit

This Metasploit module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8, AI score 0.4, EPSS 0.99999
Exploits 115

OSV
added 2022/06/09 12:0 a.m., 25 views

CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7.4, EPSS 0.01808
Exploits 0, References 7