
16602 matches found

OSV | added 2024/05/28 6:26 p.m. | 10 views

GHSA-V858-922F-FJ9V SimpleSAMLphp Link Injection vulnerability

Background: Several scripts that are part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description: The following scripts we...

CVSS 5.4 | AI score 7
Exploits 0 | References 5
Amazon | added 2024/05/28 12:00 a.m. | 7 views

Medium: amazon-ecr-credential-helper

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5 | AI score 5.7 | EPSS 0.91969
Exploits 1
RubySec | added 2024/05/27 12:00 a.m. | 18 views

Denial of Service in rack-contrib via "profiler_runs" parameter

rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the profiler_runs HTTP request parameter. Versions Affected: < 2.5.0. Impact: An attacker can trigger a Denial of Service by sending an HTTP request with an overly large profiler_runs parameter. shell curl...

CVSS 8.6 | AI score 6.9 | EPSS 0.00661
Exploits 0 | References 1 | Affected Software 1
NVD | added 2024/05/24 9:15 p.m. | 30 views

CVE-2024-35232

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in the error message on a failed HTTP request. This issue has been patched in version 2.7.2...

CVSS 3.7 | AI score 4.1 | EPSS 0.00504
Exploits 0 | References 5
Vulnrichment | added 2024/05/24 8:44 p.m. | 16 views

CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in the error message on a failed HTTP request. This issue has been patched in version 2.7.2...

CVSS 3.7 | AI score 6.8 | EPSS 0.00504
Exploits 0 | References 5
OSV | added 2024/05/24 8:44 p.m. | 50 views

CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in the error message on a failed HTTP request. This issue has been patched in version 2.7.2...

CVSS 3.7 | AI score 4.8 | EPSS 0.00504
Exploits 0 | References 7
OSV | added 2024/05/24 8:19 p.m. | 11 views

GHSA-3F65-M234-9MXR github.com/huandu/facebook may expose access_token in error message.

Summary: access_token can be exposed in the error message on a failed HTTP request. Details: Using this module, when an HTTP request fails, the error message can contain access_token. This can happen when: - the module is sending an HTTP request with the query parameter ?access_token=... - and the HTTP request fails errors...

CVSS 3.7 | AI score 4.1 | EPSS 0.00504
Exploits 0 | References 7
Github Security Blog | added 2024/05/24 8:19 p.m. | 19 views

github.com/huandu/facebook may expose access_token in error message.

Summary: access_token can be exposed in the error message on a failed HTTP request. Details: Using this module, when an HTTP request fails, the error message can contain access_token. This can happen when: - the module is sending an HTTP request with the query parameter ?access_token=... - and the HTTP request fails errors...

CVSS 3.7 | AI score 6.5 | EPSS 0.00504
Exploits 0 | References 7 | Affected Software 1
Oracle Linux | added 2024/05/24 12:00 a.m. | 70 views

httpd:2.4 security update

httpd 2.4.37-64.0.1
- Replace index.html with Oracle's index page oracle_index.html
2.4.37-64
- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability CVE-2023-31122
2.4.37-63
- mod_xml2enc: fix media type handling. Resolves: RHEL-14321
mod_http2 1.15.7-10
- Resolves: RHEL-29817 -...

CVSS 7.5 | AI score 7.5 | EPSS 0.99999
Exploits 30
NVD | added 2024/05/23 8:15 p.m. | 16 views

CVE-2024-5201

Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another user via HTTP Request...

CVSS 8.8 | AI score 8.9 | EPSS 0.00373
Exploits 0 | References 1
Cvelist | added 2024/05/23 7:11 p.m. | 14 views

CVE-2024-5201 Dimensions RM - Privilege Escalation

Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another user via HTTP Request...

CVSS 8.8 | AI score 8.9 | EPSS 0.00373
Exploits 0 | References 1
Vulnrichment | added 2024/05/23 7:11 p.m. | 10 views

CVE-2024-5201 Dimensions RM - Privilege Escalation

Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another user via HTTP Request...

CVSS 8.8 | AI score 7.1 | EPSS 0.00373
Exploits 0 | References 1
CVE | added 2024/05/23 7:11 p.m. | 74 views

CVE-2024-5201

CVE-2024-5201 describes a privilege escalation in OpenText Dimensions RM where an authenticated user can elevate to another user's privileges via an HTTP request. The affected product is OpenText Dimensions RM; the underlying root cause and exact exploit path are not detailed in the provided docu...

CVSS 8.8 | AI score 8.9 | EPSS 0.00373
Exploits 0 | References 1
RedHat Linux | added 2024/05/23 6:10 p.m. | 40 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.91969
Exploits 1 | References 16
OSV | added 2024/05/23 1:15 a.m. | 11 views

CVE-2024-3708

A condition exists in lighttpd versions prior to 1.4.51 whereby a remote attacker can craft an HTTP request which could result in multiple outcomes: 1. cause lighttpd to access freed memory, in which case the process lighttpd is running in could be terminated or other non-deterministic behavior cou...

AI score 6.6
Exploits 0 | References 3 | Affected Software 1
Cvelist | added 2024/05/23 12:11 a.m. | 24 views

CVE-2024-3708

...

AI score 6.3
Exploits 0
Tenable Nessus | added 2024/05/23 12:00 a.m. | 50 views

Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.39_security-8 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...

CVSS 10 | AI score 7.4 | EPSS 0.92334
Exploits 7 | References 6
Tenable Nessus | added 2024/05/23 12:00 a.m. | 58 views

Apache Tomcat 7.0.0 < 7.0.73 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.73. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.73_security-7 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...

CVSS 10 | AI score 7.4 | EPSS 0.92334
Exploits 7 | References 6
Tenable Nessus | added 2024/05/23 12:00 a.m. | 58 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M13 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.0.m13_security-9 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x befor...

CVSS 10 | AI score 7.3 | EPSS 0.92334
Exploits 8 | References 9
Tenable Nessus | added 2024/05/23 12:00 a.m. | 51 views

Apache Tomcat 8.5.0 < 8.5.51 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.51. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.51_security-8 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to...

CVSS 9.8 | AI score 8.6 | EPSS 0.9927
Exploits 45 | References 12