
16601 matches found

Tenable Nessus
added 2024/07/03 12:0 a.m. | 21 views

CBL Mariner 2.0 Security Update: nodejs18 / nodejs (CVE-2024-27982)

The version of nodejs18 / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27982 advisory. - The team has identified a critical vulnerability in the http server of the most recent version of...

6.5 CVSS | 7.1 AI score | 0.01155 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/01 12:0 a.m. | 31 views

Debian dla-3851 : gunicorn - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] https://www.debian.org/lts/security/...

7.5 CVSS | 7.5 AI score | 0.02996 EPSS
Exploits: 0 | References: 4

Debian
added 2024/06/30 10:4 p.m. | 14 views

[SECURITY] [DLA 3851-1] gunicorn security update

Debian LTS Advisory DLA-3851-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 30, 2024 https://wiki.debian.org/LTS Package : gunicorn Version : 19.9.0-1+deb10u1 CVE ID : CVE-2024-1135 Debian Bug : 1069126 Gunicorn, an event-based HTTP/WSGI server, fails to...

7.5 CVSS | 7 AI score | 0.02996 EPSS
Exploits: 0

IBM Security Bulletins
added 2024/06/28 3:21 p.m. | 28 views

Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135

Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicor...

7.5 CVSS | 7.5 AI score | 0.02996 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/06/26 2:14 p.m. | 30 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068. Vulnerability Details CVEID:CVE-2024-27983 DESCRIPTION: Node.j...

8.2 CVSS | 8.9 AI score | 0.87211 EPSS
Exploits: 2 | Affected Software: 1

Veracode
added 2024/06/26 7:17 a.m. | 14 views

URL Rewrite

zendframework/zend-feed is vulnerable to URL Rewrite. The vulnerability is due to marshaling a request URI that includes logic to introspect HTTP request headers specific to a server-side URL rewrite mechanism. The attacker can emulate these headers to request arbitrary content...

7.1 AI score
Exploits: 0

Talos
added 2024/06/26 12:0 a.m. | 42 views

Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress...

7.5 CVSS | 7.6 AI score | 0.47092 EPSS
Exploits: 0

Talos
added 2024/06/26 12:0 a.m. | 54 views

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

6.5 CVSS | 6.6 AI score | 0.01636 EPSS
Exploits: 1

Talos
added 2024/06/26 12:0 a.m. | 31 views

Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities

Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress Softwa...

7.5 CVSS | 7.7 AI score | 0.69952 EPSS
Exploits: 0

IBM Security Bulletins
added 2024/06/25 10:5 p.m. | 28 views

Security Bulletin: Maximo Application Suite - gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP...

7.5 CVSS | 7.3 AI score | 0.02996 EPSS
Exploits: 0 | Affected Software: 1

NVD
added 2024/06/25 9:16 p.m. | 35 views

CVE-2024-5017

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead to information disclosure...

6.5 CVSS | 0.01636 EPSS
Exploits: 1 | References: 3

NVD
added 2024/06/25 8:15 p.m. | 20 views

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information...

7.5 CVSS | 0.69952 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2024/06/25 8:1 p.m. | 21 views

CVE-2024-5011 WhatsUp Gold TestController Chart denial of service vulnerability

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service...

7.5 CVSS | 6.9 AI score | 0.47092 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2024/06/25 8:0 p.m. | 14 views

CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information...

7.5 CVSS | 6.6 AI score | 0.69952 EPSS
Exploits: 0 | References: 3

CVE
added 2024/06/25 8:0 p.m. | 53 views

CVE-2024-5010

Progress Software’s WhatsUp Gold TestController contains an information-disclosure vulnerability (CVE-2024-5010) affecting versions such as 23.1.0 Build 1697 prior to 23.1.3. An unauthenticated HTTP request can disclose sensitive data (e.g., Devices and NetworkInterfaces), enabling disclosure of ...

7.5 CVSS | 7.4 AI score | 0.69952 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSSF Malicious Packages
added 2024/06/25 1:36 p.m. | 4 views

Malicious code in http-request-query (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0

OSV
added 2024/06/25 1:36 p.m. | 9 views

MAL-2024-5211 Malicious code in http-request-query (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0

OpenVAS
added 2024/06/25 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2024-0236)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.5 AI score | 0.02996 EPSS
Exploits: 0 | References: 4

Mageia
added 2024/06/24 7:4 p.m. | 48 views

Updated python-gunicorn packages fix security vulnerability

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5 CVSS | 7 AI score | 0.02996 EPSS
Exploits: 0 | References: 2

OSV
added 2024/06/24 7:4 p.m. | 14 views

MGASA-2024-0236 Updated python-gunicorn packages fix security vulnerability

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5 CVSS | 7.4 AI score | 0.02996 EPSS
Exploits: 0 | References: 3