Lucene search
K

16600 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/13 12:0 a.m.28 views

SUSE SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:2881-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2881-1 advisory. - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers bsc1222950 Tenable has...

7.5CVSS7.5AI score0.02996EPSS
Exploits0References4
OSV
OSV
added 2024/08/12 3:40 p.m.16 views

SUSE-SU-2024:2881-1 Security update for python-gunicorn

This update for python-gunicorn fixes the following issues: - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers bsc1222950...

7.5CVSS7.2AI score0.02996EPSS
Exploits0References3
NVD
NVD
added 2024/08/12 1:38 p.m.23 views

CVE-2024-39815

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to...

9.4CVSS0.00771EPSS
Exploits0References1
NVD
NVD
added 2024/08/12 1:38 p.m.12 views

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.01246EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/12 12:0 a.m.202 views

Computer And Mobile Repair Shop Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Computer and Mobile Repair Shop Management System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.4 views

PT-2024-6830 · Sap · Sap Crm Abap

Name of the Vulnerable Software and Affected Versions: SAP CRM ABAP affected versions not specified Description: The issue is related to insufficient checking of incoming HTTP requests in the Insights Management component of the SAP CRM ABAP integration module. This can allow a remote attacker to...

5CVSS7.2AI score0.00262EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/08/09 12:0 a.m.19 views

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

0.01246EPSS
Exploits0References1
CVE
CVE
added 2024/08/09 12:0 a.m.45 views

CVE-2024-37826

CVE-2024-37826 describes a NULL pointer dereference in vercot Serva v4.6.0 that can cause a Denial of Service (DoS) via a crafted HTTP request. Public sources (NVD, CVE listing, Red Hat, CNNVD, CVE database) corroborate the same issue. According to the available data, the attack vector is NETWORK...

7.5CVSS6.8AI score0.01246EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/09 12:0 a.m.9 views

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

6.9AI score0.01246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.4 views

PT-2024-27769 · Vercot · Serva

Name of the Vulnerable Software and Affected Versions: vercot Serva version 4.6.0 Description: A NULL pointer dereference in vercot Serva allows attackers to cause a Denial of Service DoS via a crafted HTTP request. Recommendations: For version 4.6.0, consider disabling the HTTP request handling...

7.5CVSS6.2AI score0.01246EPSS
Exploits0References7
CVE
CVE
added 2024/08/08 7:33 p.m.57 views

CVE-2024-39815

CVE-2024-39815 affects Vonets industrial WiFi bridge relays and WiFi bridge repeaters (versions 3.3.23.6.9 and prior). Root cause: improper check/handling of exceptional conditions enabling an unauthenticated remote attacker to crash the service via a specially crafted HTTP request to pre-authent...

9.4CVSS9.1AI score0.00771EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/08 7:33 p.m.29 views

CVE-2024-39815 Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to...

9.4CVSS0.00771EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:17 p.m.36 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2023-27561, CVE-2023-28642, CVE-2023-25809, CVE-2022-32149, CVE-2022-41723, CVE-2022-41721, CVE-2022-27664, CVE-2022-29162, CVE-2021-43784, CVE-2023-2517 Vulnerability Details CVEID:CVE-2023-27561 DESCRIPTION...

7.8CVSS8.8AI score0.04561EPSS
Exploits5Affected Software1
Cvelist
Cvelist
added 2024/08/02 4:33 p.m.35 views

CVE-2024-7314 anji-plus AJ-Report Authentication Bypass

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

9.8CVSS0.51468EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/02 8:4 a.m.65 views

Security Bulletin: gunicorn-20.1.0-py3-none-any

Summary Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn'...

7.5CVSS7.4AI score0.02996EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/08/02 12:0 a.m.5 views

AJ-Report 安全漏洞

AJ-Report is an open source visual design tool from anji-plus. A security vulnerability exists in AJ-Report versions prior to 1.4.1, which originates from a remote, unauthenticated attacker who can attach swagger-ui to an HTTP request to bypass authentication and execute arbitrary Java on the...

9.8CVSS7.4AI score0.51468EPSS
Exploits1References7
Veracode
Veracode
added 2024/07/30 8:38 a.m.15 views

HTTP Request/Response Smuggling

Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order...

8.3CVSS6.7AI score0.01755EPSS
Exploits1References6Affected Software2
Redos
Redos
added 2024/07/30 12:0 a.m.32 views

ROS-20240730-08

Eclipse Jetty servlet container vulnerability is related to errors in processing input data length parameters. data length parameters. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "HTTP request smuggling" attack The Eclipse Jetty servlet container...

5.3CVSS7.7AI score0.01069EPSS
Exploits1
NVD
NVD
added 2024/07/26 9:15 p.m.21 views

CVE-2024-41628

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...

7.5CVSS0.06464EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2024/07/26 10:15 a.m.22 views

CVE-2023-38522

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from...

7.5CVSS7AI score0.00987EPSS
Exploits0References3
Rows per page
Query Builder