
16603 matches found

Tenable Nessus
added 2024/05/23 12:0 a.m. | 50 views

Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.39_security-8 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...

CVSS 10 | AI score 7.4 | EPSS 0.92334
Exploits 7 | References 6
RedHat Linux
added 2024/05/22 8:41 p.m. | 29 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-gunicorn) security update

An update for python-gunicorn is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.2 | EPSS 0.02996
Exploits 0 | References 2
Tenable Nessus
added 2024/05/22 12:0 a.m. | 27 views

Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...

CVSS 7 | AI score 5 | EPSS 0.00163
Exploits 0 | References 2
Tenable Nessus
added 2024/05/22 12:0 a.m. | 35 views

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-gunicorn) (RHSA-2024:2727)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2727 advisory. Gunicorn (Green Unicorn) is a Python WSGI HTTP server for UNIX. Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...

CVSS 7.5 | AI score 7.5 | EPSS 0.02996
Exploits 0 | References 4
NVD
added 2024/05/21 2:15 a.m. | 15 views

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 6.5 | AI score 6.5 | EPSS 0.00545
Exploits 0 | References 1
Cvelist
added 2024/05/21 1:23 a.m. | 20 views

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 6.5 | AI score 6.5 | EPSS 0.00545
Exploits 0 | References 1
Vulnrichment
added 2024/05/21 1:23 a.m. | 16 views

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 6.5 | AI score 7.3 | EPSS 0.00545
Exploits 0 | References 1
CVE
added 2024/05/21 1:23 a.m. | 44 views

CVE-2023-37929

CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...

CVSS 6.5 | AI score 7.2 | EPSS 0.00545
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2024/05/21 12:0 a.m. | 5 views

Zyxel VMG3625-T50B Security Vulnerability

The Zyxel VMG3625-T50B is a WiFi device from China's Heqin Technology Zyxel. A security vulnerability exists in the Zyxel VMG3625-T50B V5.50(ABPM.8)C0 firmware version, which originates from a CGI program that contains a buffer overflow vulnerability that could allow an authenticated, remote attack...

CVSS 6.5 | AI score 6.9 | EPSS 0.00545
Exploits 0 | References 2
OSV
added 2024/05/20 1:15 p.m. | 18 views

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

CVSS 7.2 | AI score 6.7
Exploits 0 | References 2
RedHat Linux
added 2024/05/20 2:14 a.m. | 40 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.2 | AI score 6.9 | EPSS 0.87211
Exploits 2 | References 6
OSV
added 2024/05/20 12:0 a.m. | 31 views

ALSA-2024:2910 Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS (CVE-2024-27983); nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

CVSS 8.2 | AI score 6.9 | EPSS 0.87211
Exploits 2 | References 12
AlmaLinux
added 2024/05/20 12:0 a.m. | 55 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS (CVE-2024-27983); nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

CVSS 8.2 | AI score 7.4 | EPSS 0.87211
Exploits 2 | References 12
Tenable Nessus
added 2024/05/20 12:0 a.m. | 26 views

RHEL 9 : nodejs (RHSA-2024:2910)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2910 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.2 | AI score 7 | EPSS 0.87211
Exploits 2 | References 12
Tenable Nessus
added 2024/05/17 12:0 a.m. | 27 views

Oracle Linux 9 : nodejs:20 (ELSA-2024-2853)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2853 advisory. - Backport nghttp2 patch for CVE-2024-28182. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS 8.2 | AI score 7 | EPSS 0.87211
Exploits 2 | References 6
Tenable Nessus
added 2024/05/17 12:0 a.m. | 42 views

EulerOS Virtualization 3.0.6.0 : python-urllib3 (EulerOS-SA-2024-1703)

According to the versions of the python-urllib3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redire...

CVSS 8.1 | AI score 6.9 | EPSS 0.01207
Exploits 0 | References 4
IBM Security Bulletins
added 2024/05/16 10:2 a.m. | 49 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js (CVE-2024-27983 & CVE-2024-27982)

Summary: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-27983 DESCRIPTION: Node.js is vulnerable to a denial of service, caused ...

CVSS 8.2 | AI score 6.4 | EPSS 0.87211
Exploits 1 | Affected Software 1
Tenable Nessus
added 2024/05/16 12:0 a.m. | 33 views

AlmaLinux 9 : nodejs:20 (ALSA-2024:2853)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2853 advisory. c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629); nghttp2: CONTINUATION frames DoS (CVE-2024-28182); nodejs: using the fetch function to retrieve...

CVSS 8.2 | AI score 6.9 | EPSS 0.87211
Exploits 2 | References 6
Tenable Nessus
added 2024/05/16 12:0 a.m. | 114 views

F5 Networks BIG-IP : The BIG-IP system may fail to block HTTP Request Smuggling attacks (K000132430)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000132430 advisory. The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an...

AI score 5.7
Exploits 0 | References 1
NVD
added 2024/05/15 6:15 p.m. | 23 views

CVE-2024-20394

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...

CVSS 5.5 | AI score 5.4 | EPSS 0.00144
Exploits 0 | References 1