734 matches found

Cvelist
added 2025/01/20 3:57 p.m. · 19 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · EPSS 0.00477
Exploits 0 · References 4

CVE
added 2025/01/20 3:57 p.m. · 68 views

CVE-2025-24013

CodeIgniter (PHP full‑stack framework) has a header validation issue prior to version 4.5.8 in the Header class, allowing construction of deliberately malformed HTTP headers. This could disrupt application functionality and potentially produce invalid HTTP requests; in some cases, remote service ...

CVSS 5.3 · AI score 6.9 · EPSS 0.00477
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/01/20 3:57 p.m. · 11 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · AI score 6.7 · EPSS 0.00477
Exploits 0 · References 6

CNVD
added 2024/12/25 12:0 a.m. · 9 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2025-00306)

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics...

CVSS 6.1 · AI score 6.6 · EPSS 0.00268
Exploits 0 · References 1

CNNVD
added 2024/12/18 12:0 a.m. · 2 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics...

CVSS 6.1 · AI score 6.2 · EPSS 0.00268
Exploits 0 · References 1

RedHat Linux
added 2024/11/21 7:23 p.m. · 0 views

org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

CVSS 4.7 · AI score 5.8 · EPSS 0.00399
Exploits 0 · References 4

Positive Technologies
added 2024/11/04 12:0 a.m. · 4 views

PT-2024-34666 · .Net · Refit

Name of the Vulnerable Software and Affected Versions: Refit versions prior to 7.2.22; Refit versions prior to 8.0.0. Description: The Refit library for .NET Core, Xamarin, and .NET has a CRLF injection vulnerability in its header-related attributes. This vulnerability occurs because the...

CVSS 10 · AI score 7.5 · EPSS 0.00535
Exploits 0 · References 13

OSV
added 2024/10/21 8:15 p.m. · 8 views

DEBIAN-CVE-2024-50033

In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets. syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the size of the packet was at least 20, which is not good...

CVSS 7.1 · AI score 5.7 · EPSS 0.00272
Exploits 0 · References 1

Microsoft CVE
added 2024/10/12 7:0 a.m. · 4 views

netfilter: flowtable: validate vlan header

...

CVSS 7.1 · AI score 7.1 · EPSS 0.00251
Exploits 0

OSV
added 2024/09/27 5:21 p.m. · 11 views

MGASA-2024-0319 Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities

Potential UTF8 size overflow (CVE-2024-21131). Excessive symbol length can lead to infinite loop (CVE-2024-21138). Range Check Elimination (RCE) pre-loop limit overflow (CVE-2024-21140). Pack200 increase loading time due to improper header validation (CVE-2024-21144). Out-of-bounds access in 2D image...

CVSS 7.4 · AI score 5.4 · EPSS 0.01257
Exploits 0 · References 6

Veracode
added 2024/09/25 7:36 a.m. · 4 views

HTTP Request Smuggling (HRS)

webrick is vulnerable to HTTP request smuggling. The vulnerability is due to inadequate validation and handling of conflicting HTTP headers Content-Length and Transfer-Encoding, allowing multiple interpretations of a single request...

AI score 7.4 · EPSS 0.00393
Exploits 0 · References 8 · Affected Software 1

Debian CVE
added 2024/09/19 10:42 p.m. · 17 views

CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 · AI score 6 · EPSS 0.00646
Exploits 0

OSV
added 2024/09/11 12:49 p.m. · 9 views

CLSA-2024-1726058957 java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes the following CVEs:
- CVE-2024-21131: UTF8 size overflow
- CVE-2024-21138: Infinite loop vulnerability in SymbolTable
- CVE-2024-21140: Int overflow/underflow in Range Check Elimination (RCE)
- CVE-2024-21144: Invalid header...

CVSS 7.4 · AI score 6.7 · EPSS 0.01257
Exploits 0 · References 1

OSV
added 2024/09/11 12:46 p.m. · 5 views

CLSA-2024-1726058773 python3: Fix of CVE-2024-6923

CVE-2024-6923: encode newlines in headers, verify headers are well-formed...

CVSS 5.5 · AI score 6.8 · EPSS 0.00737
Exploits 0 · References 1

OSV
added 2024/09/11 12:46 p.m. · 3 views

CLSA-2024-1726058763 python3: Fix of CVE-2024-6923

CVE-2024-6923: encode newlines in headers, verify headers are well-formed...

CVSS 5.5 · AI score 6.8 · EPSS 0.00737
Exploits 0 · References 1

CNNVD
added 2024/09/06 12:0 a.m. · 5 views

Red Hat Migration Toolkit for Virtualization Authorization Issue Vulnerability

Red Hat Migration Toolkit for Virtualization is a toolkit from Red Hat, Inc. An authorization issue vulnerability exists in Red Hat Migration Toolkit for Virtualization, which arises from the component Forklift Controller not validating the authorization header beyond ensuring that credential...

CVSS 7.5 · AI score 7.7 · EPSS 0.00586
Exploits 0 · References 4

Cvelist
added 2024/09/04 7:54 p.m. · 28 views

CVE-2024-44983 netfilter: flowtable: validate vlan header

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header. Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. BUG:...

EPSS 0.00251
Exploits 0 · References 5

OSV
added 2024/08/21 5:3 p.m. · 6 views

CLSA-2024-1724259788 java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes the following CVEs:
- CVE-2024-21131: UTF8 size overflow
- CVE-2024-21138: Infinite loop vulnerability in SymbolTable
- CVE-2024-21140: Int overflow/underflow in Range Check Elimination (RCE)
- CVE-2024-21144: Invalid header...

CVSS 7.4 · AI score 6.7 · EPSS 0.01257
Exploits 0 · References 1

OSV
added 2024/08/21 4:54 p.m. · 8 views

CLSA-2024-1724259268 java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes the following CVEs:
- CVE-2024-21131: UTF8 size overflow
- CVE-2024-21138: Infinite loop vulnerability in SymbolTable
- CVE-2024-21140: Int overflow/underflow in Range Check Elimination (RCE)
- CVE-2024-21144: Invalid header...

CVSS 7.4 · AI score 6.7 · EPSS 0.01257
Exploits 0 · References 1

RedHat Linux
added 2024/08/08 4:53 a.m. · 9 views

kernel: wifi: cfg80211: check A-MSDU format more carefully

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully. If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more...

CVSS 7.1 · AI score 6.7 · EPSS 0.00233
Exploits 0 · References 5