16602 matches found

OSV
added 2024/05/15 6:15 p.m. · 4 views

CVE-2024-20394

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...

CVSS 5.5 · AI score 5.8 · EPSS 0.00144
Exploits 0 · References 1

Cvelist
added 2024/05/15 5:23 p.m. · 16 views

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

CVSS 4.7 · AI score 5.1 · EPSS 0.00312
Exploits 0 · References 1

CVE
added 2024/05/15 5:23 p.m. · 57 views

CVE-2024-20369

CVE-2024-20369 affects Cisco Crosswork Network Services Orchestrator (NSO) Web UI. The issue is improper input validation of a parameter in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious website. Documented...

CVSS 6.1 · AI score 6.7 · EPSS 0.00312
Exploits 0 · References 1 · Affected Software 1

Cisco
added 2024/05/15 4:0 p.m. · 22 views

Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...

CVSS 5.5 · AI score 5.4 · EPSS 0.00144
Exploits 0 · References 1

Cisco
added 2024/05/15 4:0 p.m. · 21 views

Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

CVSS 4.7 · AI score 5.5 · EPSS 0.00312
Exploits 0 · References 1

RedHat Linux
added 2024/05/15 11:35 a.m. · 43 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.2 · AI score 6.9 · EPSS 0.87211
Exploits 2 · References 6

IBM Security Bulletins
added 2024/05/15 12:45 a.m. · 46 views

Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator

Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker t...

CVSS 9.8 · AI score 9 · EPSS 0.7848
Exploits 5 · Affected Software 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 6 views

PT-2024-4565 · Cisco · Cisco Appdynamics Network Visibility Agent

Name of the Vulnerable Software and Affected Versions: Cisco AppDynamics Network Visibility Agent (affected versions not specified). Description: The issue is caused by the inability to handle unexpected input, allowing an unauthenticated, local attacker to cause a denial of service (DoS) condition on...

CVSS 5.5 · AI score 6.9 · EPSS 0.00144
Exploits 0 · References 4

AlmaLinux
added 2024/05/15 12:0 a.m. · 36 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in ares__read_line (CVE-2024-25629); nghttp2: CONTINUATION frames DoS (CVE-2024-28182); nodejs: using the fetch function to...

CVSS 8.2 · AI score 7.3 · EPSS 0.87211
Exploits 2 · References 12

Tenable Nessus
added 2024/05/15 12:0 a.m. · 33 views

RHEL 9 : nodejs:20 (RHSA-2024:2853)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2853 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.2 · AI score 7 · EPSS 0.87211
Exploits 2 · References 12

OSV
added 2024/05/15 12:0 a.m. · 34 views

ALSA-2024:2853 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in ares__read_line (CVE-2024-25629); nghttp2: CONTINUATION frames DoS (CVE-2024-28182); nodejs: using the fetch function to...

CVSS 8.2 · AI score 6.9 · EPSS 0.87211
Exploits 2 · References 12

F5 Networks
added 2024/05/14 10:29 p.m. · 48 views

K000139615: Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

CVSS 6.5 · AI score 7.2 · EPSS 0.01155
Exploits 0

CVE
added 2024/05/14 4:19 p.m. · 81 views

CVE-2023-45583

The CVE-2023-45583 vulnerability is a use of externally-controlled format string affecting Fortinet FortiProxy, FortiPAM, FortiOS, and FortiSwitchManager across multiple versions (e.g., FortiProxy 7.2.0–7.2.5, 7.0.x, 2.0.x, 1.x; FortiOS 7.x and 6.x; FortiPAM 1.x; FortiSwitchManager 7.x). The unde...

CVSS 7.2 · AI score 6.8 · EPSS 0.00654
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/05/14 3:38 p.m. · 17 views

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

CVSS 7.5 · AI score 7.4 · EPSS 0.01022
Exploits 0 · References 1

Vulnrichment
added 2024/05/13 12:31 p.m. · 12 views

CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...

CVSS 6.5 · AI score 7.2 · EPSS 0.00922
Exploits 1 · References 4

Cvelist
added 2024/05/13 12:31 p.m. · 27 views

CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...

CVSS 6.5 · AI score 6.9 · EPSS 0.00922
Exploits 1 · References 4

CVE
added 2024/05/13 12:31 p.m. · 46 views

CVE-2024-4817

CVE-2024-4817 affects Campcodes Online Laundry Management System v1.0, in the HTTP Request Parameter Handler (manage_user.php). The issue is an improper control of resource identifiers caused by unsafely handling the non-validated id parameter, enabling remote exploitation. Publicly disclosed exp...

CVSS 8.8 · AI score 7.2 · EPSS 0.00922
Exploits 1 · References 4 · Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:56 p.m. · 59 views

Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...

CVSS 7.5 · AI score 7.6 · EPSS 0.76875
Exploits 18 · Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:56 p.m. · 41 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details CVEID:CVE-2024-23829 DESCRIPTION: aio-libs...

CVSS 7.5 · AI score 7.5 · EPSS 0.76875
Exploits 16 · Affected Software 1

Tenable Nessus
added 2024/05/11 12:0 a.m. · 24 views

AlmaLinux 9 : nodejs:18 (ALSA-2024:2779)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2779 advisory. nodejs: CONTINUATION frames DoS (CVE-2024-27983); nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

CVSS 8.2 · AI score 6.9 · EPSS 0.87211
Exploits 2 · References 6