16592 matches found

CVE
added 2024/11/28 10:21 a.m. · 48 views

CVE-2024-8308

CVE-2024-8308 concerns the Siempelkamp NIS UmweltOffice web application. Multiple connected sources confirm a vulnerability in the HTTP request input handling that enables a low-privileged remote attacker to perform a SQL injection and exfiltrate all data. Affected software is UmweltOffice (Siemp...

6.5 CVSS · 6.8 AI score · 0.00602 EPSS
Exploits 0 · References 1

NVD
added 2024/11/28 3:15 a.m. · 26 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

5.3 CVSS · 0.01043 EPSS
Exploits 0 · References 6

OSV
added 2024/11/28 3:15 a.m. · 3 views

DEBIAN-CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

5.3 CVSS · 5.5 AI score · 0.01043 EPSS
Exploits 0 · References 1

OSV
added 2024/11/28 3:15 a.m. · 11 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

5.3 CVSS · 6.6 AI score
Exploits 0 · References 6

Vulnrichment
added 2024/11/28 2:10 a.m. · 8 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

5.3 CVSS · 5.3 AI score · 0.01043 EPSS
Exploits 0 · References 6

Debian CVE
added 2024/11/28 2:10 a.m. · 6 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

5.3 CVSS · 5.5 AI score · 0.01043 EPSS
Exploits 0

OSV
added 2024/11/28 12:00 a.m. · 2 views

UBUNTU-CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

5.3 CVSS · 6.1 AI score · 0.01043 EPSS
Exploits 0 · References 4

OpenVAS
added 2024/11/28 12:00 a.m. · 13 views

Ubuntu: Security Advisory (USN-7126-1)

The remote host is missing an update for the...

8.4 CVSS · 8.5 AI score · 0.00933 EPSS
Exploits 2 · References 2

OpenVAS
added 2024/11/28 12:00 a.m. · 21 views

Ubuntu: Security Advisory (USN-7127-1)

The remote host is missing an update for the...

8.4 CVSS · 8.5 AI score · 0.00933 EPSS
Exploits 2 · References 2

OpenVAS
added 2024/11/28 12:00 a.m. · 11 views

Fedora: Security Advisory (FEDORA-2024-bd09057dd2)

The remote host is missing an update for the...

7.5 CVSS · 8.5 AI score · 0.00933 EPSS
Exploits 1 · References 4

OSV
added 2024/11/27 7:20 p.m. · 14 views

BIT-PHP-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

7.2 CVSS · 7.3 AI score · 0.01132 EPSS
Exploits 1 · References 4

Ubuntu
added 2024/11/27 12:38 a.m. · 251 views

USN-7126-1: libsoup vulnerabilities

It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2024-52530) It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An...

8.4 CVSS · 7.4 AI score · 0.00933 EPSS
Exploits 2

Ubuntu
added 2024/11/27 12:29 a.m. · 16 views

USN-7127-1: libsoup3 vulnerabilities

It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52530) It was discovered that libsoup did not...

8.4 CVSS · 7.4 AI score · 0.00933 EPSS
Exploits 2

Positive Technologies
added 2024/11/27 12:00 a.m. · 2 views

PT-2024-8962 · Haproxy +6

Name of the Vulnerable Software and Affected Versions: HAProxy affected versions not specified
Description: The issue is related to an inconsistent interpretation of HTTP requests, also known as 'HTTP Request/Response Smuggling' or 'Contrabando de solicitudes/respuestas HTTP'. This allows a remot...

5.3 CVSS · 4.9 AI score · 0.01043 EPSS
Exploits 0 · References 37

Japan Vulnerability Notes
added 2024/11/27 12:00 a.m. · 8 views

JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling

HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to an HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack (CWE-444). Impact: A remote attacker may...

5.3 CVSS · 6.8 AI score · 0.01043 EPSS
Exploits 0

Tenable Nessus
added 2024/11/27 12:00 a.m. · 14 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : libsoup3 vulnerabilities (USN-7127-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7127-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 2 · References 4

Tenable Nessus
added 2024/11/27 12:00 a.m. · 15 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : libsoup vulnerabilities (USN-7126-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7126-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 2 · References 4

Ubuntu
added 2024/11/26 6:25 p.m. · 240 views

USN-6988-2: Twisted vulnerability

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Ben Kallus discovered that Twisted incorrectly handled...

8.3 CVSS · 7.9 AI score · 0.00856 EPSS
Exploits 0

SUSE CVE
added 2024/11/26 4:10 a.m. · 3 views

SUSE CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

4.8 CVSS · 7.1 AI score · 0.01132 EPSS
Exploits 1 · References 12

OpenVAS
added 2024/11/26 12:00 a.m. · 14 views

Fedora: Security Advisory (FEDORA-2024-a059ea1dfc)

The remote host is missing an update for the...

7.5 CVSS · 7.1 AI score · 0.00933 EPSS
Exploits 1 · References 4