16598 matches found

Vulnrichment
added 2024/10/11 6:22 p.m. · 10 views

CVE-2024-8912 HTTP Request Smuggling in Looker

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: Looker Google Cloud core was found to be vulnerable. This issue has already been mitigated and our...

8.9 CVSS · 7.1 AI score · 0.00189 EPSS
Exploits 0 · References 1
CVE
added 2024/10/11 6:22 p.m. · 44 views

CVE-2024-8912

CVE-2024-8912 describes an HTTP Request Smuggling vulnerability in Looker. The issue affects customer-hosted Looker instances, which must be upgraded to the latest supported versions to be protected. Looker on Google Cloud core was reported as vulnerable but mitigated with no signs of exploitatio...

8.9 CVSS · 6.5 AI score · 0.00189 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/10/11 12:00 a.m. · 4 views

PT-2024-39313 · Looker · Looker

Name of the Vulnerable Software and Affected Versions: Looker versions prior to 23.12.123; Looker versions prior to 23.18.117; Looker versions prior to 24.0.92; Looker versions prior to 24.6.77; Looker versions prior to 24.8.66; Looker versions prior to 24.10.78; Looker versions prior to 24.12.56; Looke...

8.9 CVSS · 6.5 AI score · 0.00189 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/10/10 12:00 a.m. · 36 views

RHEL 8 : Satellite 6.15.4 Security Update (Moderate) (RHSA-2024:7987)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7987 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

9.8 CVSS · 6.6 AI score · 0.02996 EPSS
Exploits 0 · References 18
IBM Security Bulletins
added 2024/10/09 5:08 p.m. · 73 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.

Summary: Multiple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details: CVEID: CVE-2022-31813. DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...

9.8 CVSS · 10 AI score · 0.90407 EPSS
Exploits 8 · Affected Software 1
Talos Blog
added 2024/10/09 4:00 p.m. · 27 views

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project

Cisco Talos' Vulnerability Research team recently disclosed six new security vulnerabilities across a range of software, including one in a popular PDF reader that could lead to arbitrary code execution. Foxit PDF Reader, one of the most popular alternatives to Adobe Acrobat, contains a memory...

8.8 CVSS · 8.5 AI score · 0.47107 EPSS
Exploits 4
OpenVAS
added 2024/10/09 12:00 a.m. · 15 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2540)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS · 5.7 AI score · 0.01207 EPSS
Exploits 1 · References 2
OSV
added 2024/10/08 6:33 p.m. · 9 views

GHSA-5WPR-CJ9P-959R HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, an...

6.9 CVSS · 5.1 AI score · 0.00653 EPSS
Exploits 0 · References 5
GitHub Security Blog
added 2024/10/08 6:33 p.m. · 17 views

HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, an...

5.3 CVSS · 6.8 AI score · 0.00653 EPSS
Exploits 0 · References 6 · Affected Software 1
Ubuntu
added 2024/10/08 4:35 p.m. · 12 views

USN-7057-2: WEBrick vulnerability

USN-7057-1 fixed a vulnerability in WEBrick. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that WEBrick incorrectly handled having both a Content-Length header and a Transfer-Encoding header. A remote attacker could possibly use...

6.9 AI score · 0.00393 EPSS
Exploits 0
Cvelist
added 2024/10/08 4:26 p.m. · 26 views

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, an...

5.3 CVSS · 0.00653 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2024/10/08 1:47 p.m. · 38 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary: Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details: CVEID: CVE-2024-22201. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...

7.5 CVSS · 8 AI score · 0.99999 EPSS
Exploits 22 · Affected Software 1
CNNVD
added 2024/10/08 12:00 a.m. · 4 views

Discourse security vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse has a security vulnerability. An attacker could issue multiple XHR requests until the cache was polluted by a response without any...

8.2 CVSS · 6.5 AI score · 0.01593 EPSS
Exploits 2 · References 5
CNNVD
added 2024/10/08 12:00 a.m. · 5 views

RESTEasy environment issue vulnerability

RESTEasy is a JBoss.org project open sourced by RESTEasy. It is designed to provide a productivity framework for developing client-side and server-side RESTful applications and services in Java. An environmental issue vulnerability exists in RESTEasy that stems from the improper handling of HTTP...

5.3 CVSS · 7.1 AI score · 0.00653 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/10/08 12:00 a.m. · 5 views

PT-2024-7091 · Tp Link · Tp-Link Tl-Wdr7660

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WDR7660 version 1.0. Description: The issue is related to the wlanTimerRuleJsonToBin function, which handles input data without proper size validation, potentially leading to a stack overflow. This can be exploited by a remote...

6.5 CVSS · 7.2 AI score · 0.00364 EPSS
Exploits 1 · References 8
OpenVAS
added 2024/10/08 12:00 a.m. · 11 views

Ubuntu: Security Advisory (USN-7057-1)

The remote host is missing an update for the...

7.7 AI score · 0.00393 EPSS
Exploits 0 · References 2
Ubuntu
added 2024/10/07 11:29 a.m. · 12 views

USN-7057-1: WEBrick vulnerability

It was discovered that WEBrick incorrectly handled having both a Content-Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack...

6.9 AI score · 0.00393 EPSS
Exploits 0
Positive Technologies
added 2024/10/07 12:00 a.m. · 14 views

PT-2024-7028 · Unknown +2 · Resteasy-Netty4 +2

Name of the Vulnerable Software and Affected Versions: resteasy-netty4 library, affected versions not specified. Description: A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an...

9.8 CVSS · 6.1 AI score · 0.04913 EPSS
Exploits 1 · References 46
Tenable Nessus
added 2024/10/07 12:00 a.m. · 24 views

Ubuntu 24.04 LTS : WEBrick vulnerability (USN-7057-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7057-1 advisory. It was discovered that WEBrick incorrectly handled having both a Content-Length header and a Transfer-Encoding header. A remote attacker could possibly use this...

7 AI score · 0.00393 EPSS
Exploits 0 · References 2
NVD
added 2024/10/04 6:15 a.m. · 12 views

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

6.1 CVSS · 0.00657 EPSS
Exploits 1 · References 2