Lucene search
K

16601 matches found

RedHat Linux
RedHat Linux
added 2024/06/24 1:8 a.m.27 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-gunicorn) security update

An update for python-gunicorn is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.2AI score0.02996EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/24 12:0 a.m.29 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX. Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...

7.5CVSS7.5AI score0.02996EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 2:20 p.m.28 views

Security Bulletin: HTTP request smuggling vulnerability in IBM Business Automation Workflow Machine Learning Server CVE-2024-1135

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF003 addresses the following vulnerability CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling,...

7.5CVSS7.2AI score0.02996EPSS
Exploits0Affected Software2
Zero Day Initiative
Zero Day Initiative
added 2024/06/18 12:0 a.m.16 views

Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this...

7.8CVSS7.5AI score0.00689EPSS
Exploits0References1
CNVD
CNVD
added 2024/06/18 12:0 a.m.7 views

Schneider Electric SAGE RTUs Out-of-Bounds Read Vulnerability

Schneider Electric SAGE RTUs are a high-performance device for industrial automation and remote monitoring from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric SAGE RTUs, which can be exploited by an attacker to cause a denial of service in the...

7.5CVSS6.9AI score0.00894EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/06/17 12:0 a.m.289 views

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 Date: 6/2024 Exploit Author: Andrey Stoykov Version: 1.9.0.6 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html Description - It was found that the applicatio...

7.4AI score
Exploits0
Rockylinux
Rockylinux
added 2024/06/14 2:0 p.m.29 views

nodejs:20 security update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

8.2CVSS7.4AI score0.87211EPSS
Exploits2
OSV
OSV
added 2024/06/14 2:0 p.m.43 views

RLSA-2024:2910 Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

7.5CVSS7AI score0.87211EPSS
Exploits2References6
OSV
OSV
added 2024/06/14 2:0 p.m.30 views

RLSA-2024:2853 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

7.5CVSS6.9AI score0.87211EPSS
Exploits2References6
NVD
NVD
added 2024/06/14 3:15 a.m.15 views

CVE-2024-27141

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...

5.9CVSS0.01115EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/14 2:21 a.m.17 views

CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...

5.9CVSS6.9AI score0.01115EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 12:0 a.m.38 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-27982...

8.2CVSS6.9AI score0.87211EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.30 views

Rocky Linux 9 : nodejs (RLSA-2024:2910)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2910 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

8.2CVSS6.9AI score0.87211EPSS
Exploits2References11
NVD
NVD
added 2024/06/13 7:15 p.m.13 views

CVE-2024-36588

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request...

6.5CVSS0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/13 12:0 a.m.9 views

CVE-2024-36588

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request...

6.9AI score0.00391EPSS
Exploits0References1
CVE
CVE
added 2024/06/13 12:0 a.m.49 views

CVE-2024-36588

CVE-2024-36588 affects Annonshop.app’s DecentralizeJustice/anonymousLocker component (commit 2b2b4). The issue allows attackers to send messages that are erroneously attributed to arbitrary users via a crafted HTTP request. According to the CVE record, the vulnerability has a CVSS 3.1 base score ...

6.5CVSS7.1AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/13 12:0 a.m.13 views

CVE-2024-36588

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request...

0.00391EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 5:15 p.m.4 views

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

7.5CVSS5.8AI score0.00894EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 5:15 p.m.22 views

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

7.5CVSS0.00894EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 5:15 p.m.4 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

7.5CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder