Lucene search
K

16603 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.38 views

RHEL 7 : haproxy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - haproxy: data leak via fcgi requests CVE-2023-0836 - An uncontrolled resource consumption vulnerability w...

7.8AI score0.02942EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.30 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: Unitialized buffer due to incorrect encoding CVE-2017-15897 - nodejs: integrity checks according ...

7.6AI score0.03906EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.35 views

RHEL 6 : xerces-c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xerces-c: Use-after-free in heap on specially crafted XML input CVE-2016-2099 - Stack-based buffer overfl...

8.2AI score0.14138EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.24 views

AlmaLinux 9 : nodejs:18 (ALSA-2024:2779)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2779 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

8.2CVSS6.9AI score0.87211EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.42 views

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - tomcat: HTTP request smuggli...

8AI score0.71653EPSS
Exploits26References10
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.86 views

RHEL 7 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: modproxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-31813 - Apache HTTP Server...

9.1AI score0.90407EPSS
Exploits3References21
Veracode
Veracode
added 2024/05/10 8:23 a.m.21 views

HTTP Request Smuggling

Next is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent interpretation of a HTTP request, resulting in treating it as both a single request and two separate requests, leading to desynchronized responses. This allows attackers to craft HTTP request to manipulate or...

7.5CVSS6.9AI score0.01022EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 8:17 a.m.43 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By...

8.2CVSS7.9AI score0.87211EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/05/10 12:0 a.m.45 views

Oracle Linux 8 : nodejs:18 (ELSA-2024-2780)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2780 advisory. nodejs 1:18.20.2-1 - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon...

8.2CVSS7.1AI score0.87211EPSS
Exploits2References6
OSV
OSV
added 2024/05/09 9:7 p.m.35 views

GHSA-77R5-GW3J-2MPF Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

7.5CVSS7.4AI score0.01022EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/09 9:7 p.m.54 views

Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

7.5CVSS6.6AI score0.01022EPSS
Exploits0References5Affected Software1
Rockylinux
Rockylinux
added 2024/05/09 6:51 p.m.60 views

nodejs:18 security update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

8.2CVSS7.4AI score0.87211EPSS
Exploits2
OSV
OSV
added 2024/05/09 6:50 p.m.70 views

RLSA-2024:2778 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

8.2CVSS6.9AI score0.87211EPSS
Exploits2References6
Rockylinux
Rockylinux
added 2024/05/09 6:50 p.m.54 views

nodejs:20 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.2CVSS6.7AI score0.87211EPSS
Exploits2
Rockylinux
Rockylinux
added 2024/05/09 6:50 p.m.49 views

nodejs:18 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.2CVSS6.7AI score0.87211EPSS
Exploits2
CVE
CVE
added 2024/05/09 4:7 p.m.141 views

CVE-2024-34350

CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...

7.5CVSS6.6AI score0.01022EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/09 4:7 p.m.16 views

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS6.7AI score0.01022EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/09 4:7 p.m.23 views

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS7.6AI score0.01022EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/05/09 6:30 a.m.57 views

Important: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.2CVSS6.9AI score0.87211EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2024/05/09 6:29 a.m.44 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.2CVSS6.9AI score0.87211EPSS
Exploits2References6
Rows per page
Query Builder