Lucene search
K

16603 matches found

OSV
OSV
added 2024/05/07 5:15 p.m.8 views

AZL-40352 CVE-2024-27982 affecting package nodejs18 for versions less than 18.20.2-1

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.9AI score0.01155EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 5:15 p.m.27 views

CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6AI score0.01155EPSS
Exploits0References6
OSV
OSV
added 2024/05/07 5:15 p.m.27 views

CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5AI score
Exploits0References2
Cvelist
Cvelist
added 2024/05/07 4:40 p.m.29 views

CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.2AI score0.01155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/07 4:40 p.m.34 views

CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.6AI score0.01155EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/05/07 4:40 p.m.39 views

CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS7.5AI score0.01155EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/05/07 4:40 p.m.44 views

CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.2AI score0.01155EPSS
Exploits0
NVD
NVD
added 2024/05/07 2:15 p.m.11 views

CVE-2023-46012

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP...

9.8CVSS7.6AI score0.01623EPSS
Exploits2References1
OSV
OSV
added 2024/05/07 2:12 p.m.21 views

CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

7.5CVSS7.1AI score0.00593EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/07 2:12 p.m.12 views

CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

7.5CVSS6.6AI score0.00593EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/07 1:2 p.m.17 views

Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

7.5CVSS7.4AI score0.00593EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.13 views

CVE-2023-46012

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP...

7.9AI score0.01623EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/07 12:0 a.m.11 views

CVE-2023-46012

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP...

8AI score0.01623EPSS
Exploits2References1
CVE
CVE
added 2024/05/07 12:0 a.m.76 views

CVE-2023-46012

The CVE-2023-46012 entry refers to a Buffer Overflow in Linksys EA7500 firmware (version 3.0.1.207964) affecting the IGD UPnP service. Public sources describe a vulnerable path in the UPnP IGD handling in which the HTTP request data is copied into a fixed 184‑byte stack buffer during processing o...

9.8CVSS7.9AI score0.01623EPSS
Exploits2References1Affected Software1
OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2024:1440-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.02996EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2024:1355-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.8AI score0.87211EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2024:1346-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.8AI score0.87211EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2024:1306-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.8AI score0.87211EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.28 views

aiohttp < 3.8.5 HTTP Request Smuggling Vulnerability - Windows

aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS8.8AI score0.03906EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.35 views

aiohttp < 3.8.6 HTTP Request Smuggling Vulnerability - Windows

aiohttp is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.5AI score0.0085EPSS
Exploits1References1
Rows per page
Query Builder