Lucene search
K

70 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 8:15 p.m.8 views

CVE-2022-4541

The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00438EPSS
Exploits0References1
OSV
OSV
added 2025/01/30 8:15 p.m.7 views

AZL-56204 CVE-2024-10603 affecting package podman for versions less than 5.6.1-2

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS5.7AI score0.00258EPSS
Exploits1References1
OSV
OSV
added 2025/01/30 8:15 p.m.14 views

AZL-56195 CVE-2024-10603 affecting package podman 4.1.1-26

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS5.7AI score0.00258EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-1598 · Google · Gvisor

Name of the Vulnerable Software and Affected Versions: gVisor affected versions not specified Description: The issue concerns weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor. This allowed an external attacker to predict these values in certain...

6.3CVSS5.9AI score0.00258EPSS
Exploits1References14
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.3 views

Google gVisor 安全漏洞

Google gVisor is a user-space kernel written in the Go language for use in Linux systems. A security vulnerability exists in Google gVisor that stems from a weak mechanism for generating TCP/UDP source port equivalents, which makes it susceptible to the Port and Header Value Predictability...

6.3CVSS6.2AI score0.00258EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/11/04 8:13 p.m.5 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

7.5CVSS6.8AI score0.00814EPSS
Exploits0References4
OSV
OSV
added 2024/09/26 10:15 a.m.5 views

CVE-2022-4541

The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00438EPSS
Exploits0References3
NVD
NVD
added 2024/09/19 11:15 p.m.29 views

CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

5.4CVSS0.00646EPSS
Exploits0References3
OSV
OSV
added 2024/03/18 7:10 p.m.7 views

CLSA-2024-1710789017 Fix CVE(s): CVE-2024-25617

SECURITY UPDATE: Denial of Service attack against HTTP header parsing - debian/patches/CVE-2024-25617.patch: Improve handling of expanding HTTP header values - CVE-2024-25617...

7.5CVSS5.8AI score0.88864EPSS
Exploits0References1
OSV
OSV
added 2024/03/08 11:7 a.m.5 views

OESA-2024-1250 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

6.5CVSS9.1AI score0.01103EPSS
Exploits1References2
OSV
OSV
added 2024/02/11 12:0 a.m.55 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7AI score0.00814EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/11 12:0 a.m.6 views

Connect2id Nimbus JOSE+JWT Security Vulnerability

Connect2id Nimbus JOSE+JWT is a Java-based open source JWT JSON Web Tokens implementation from Connect2id. A security vulnerability exists in Connect2id Nimbus JOSE+JWT versions prior to 9.37.2 that stems from an attacker being able to cause a denial of service via a header value...

7.5CVSS6.7AI score0.00814EPSS
Exploits0References9
OSV
OSV
added 2023/10/12 4:15 p.m.6 views

CVE-2023-23581

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...

7.5CVSS7.3AI score0.00834EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/30 12:0 a.m.27 views

Prevent logging invalid header values

Impact What kind of vulnerability is it? Apollo Server can log sensitive information Studio API keys if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Who is impacted? Users who all of the below: use either t...

6.7AI score
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2023/03/14 6:47 p.m.6 views

Streams: component version with information disclosure flaw

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

5.5CVSS7.1AI score0.00436EPSS
Exploits1References5
CloudLinux
CloudLinux
added 2023/03/02 9:18 p.m.86 views

tar: Fix of CVE-2022-48303

CVE-2022-48303: check for the end of field after leading byte 0x80 or 0xff of base-256 encoded header value...

5.5CVSS7.8AI score0.04524EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.2 views

SUSE CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...

7.5CVSS7AI score0.03185EPSS
Exploits1References3
OSV
OSV
added 2023/01/17 8:15 p.m.1 views

DEBIAN-CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

7.5CVSS7.5AI score0.03546EPSS
Exploits0References1
OSV
OSV
added 2023/01/17 8:15 p.m.5 views

UBUNTU-CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

7.5CVSS7.1AI score0.03546EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/01/17 7:29 p.m.5 views

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5CVSS6.6AI score0.01103EPSS
Exploits1References6
Rows per page
Query Builder