195 matches found

OSV
added 2024/09/20 3:13 p.m.

SUSE-SU-2024:3357-1 Security update for python310

This update for python310 fixes the following issues: - Update to version 3.10.15 - CVE-2024-8088: Fixed denial of service in zipfile. bsc1229704 - CVE-2024-7592: Fixed uncontrolled CPU resource consumption when in http.cookies module. bsc1229596 - CVE-2024-6232: Fixed ReDos via excessive...

CVSS 8.7 · AI score 7 · EPSS 0.02303
Exploits 3 · References 7
OSV
added 2024/09/18 12:52 p.m.

SUSE-SU-2024:3303-1 Security update for python312

This update for python312 fixes the following issues: - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module. bsc1228780. - CVE-2024-7592: Fixed Email header injection due to unquoted newlines. bsc1229596 - CVE-2024-6232: Fixed ReDos via...

CVSS 8.7 · AI score 7.2 · EPSS 0.02303
Exploits 3 · References 10
Cvelist
added 2024/09/10 9:42 p.m.

CVE-2024-45597 Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 · EPSS 0.00309
Exploits 0 · References 2
Vulnrichment
added 2024/09/10 9:42 p.m.

CVE-2024-45597 Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 · AI score 5.5 · EPSS 0.00309
Exploits 0 · References 2
CNNVD
added 2024/09/10 12:00 a.m.

Pluto injection vulnerability

Pluto is a unique language for Lua open-sourced by PlutoLang. It is used for general-purpose programming. An injection vulnerability exists in Pluto versions 0.9.0 through 0.9.4, which stems from the fact that scripts passing user-controlled values to the http.request header value can be affected...

CVSS 5.3 · AI score 7.4 · EPSS 0.00309
Exploits 0 · References 3
Positive Technologies
added 2024/09/10 12:00 a.m.

PT-2024-31699 · Pluto · Pluto

Name of the Vulnerable Software and Affected Versions: Pluto affected versions not specified Description: The issue affects scripts that pass user-controlled values to http.request header values. An attacker could exploit this to send arbitrary requests, potentially leveraging authentication toke...

CVSS 5.3 · AI score 7.2 · EPSS 0.00309
Exploits 0 · References 7
Veracode
added 2024/08/08 7:19 a.m.

Incorrect Handling Of HTTP Headers

github.com/envoyproxy/envoy is vulnerable to Incorrect Handling of HTTP Headers. The vulnerability is due to setCopy header map API not replacing all existing occurrences of a non-inline header and only considering the first value when multiple header values are present. This allows an attackers ...

CVSS 8.3 · AI score 6.6 · EPSS 0.01317
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2024/06/11 6:26 a.m.

CRLF Injection

tornado is vulnerable to CRLF Injection. The vulnerability is due to improper CR/LF checks allowing for the inclusion of attacker-controlled header values in requests, which allows arbitrary headers or requests to be sent to a specified server...

AI score 7.1
Exploits 0
SUSE CVE
added 2024/06/04 1:08 p.m.

SUSE CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy's setCopy header map API does not replace all existing occurrences of a non-inline header...

CVSS 8.3 · AI score 8.2 · EPSS 0.01317
Exploits 1 · References 3
RedHat Linux
added 2024/05/23 10:45 p.m.

jetty: hpack header values cause denial of service in http/2

A flaw was found in Jetty http2-hpack and http3-qpack. If header values exceed the size limit and Huffman is true, MetaDataBuilder.checkSize, the multiplication will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service Do...

CVSS 7.5 · AI score 7.3 · EPSS 0.03754
Exploits 1 · References 9
Positive Technologies
added 2024/03/19 12:00 a.m.

PT-2024-2567 · Unknown +2 · Erlang-Jose +2

Name of the Vulnerable Software and Affected Versions: erlang-jose versions through 1.11.6 Description: The issue is related to an uncontrolled resource consumption in the erlang-jose module for JSON object signing and encryption for Erlang and Elixir languages. This can be exploited by a remote...

CVSS 7.8 · AI score 5.5 · EPSS 0.00887
Exploits 0 · References 25
OSV
added 2024/03/14 5:22 p.m.

CLSA-2024-1710436968 squid: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

CVSS 7.5 · AI score 5.8 · EPSS 0.88864
Exploits 0 · References 1
OSV
added 2024/03/14 5:21 p.m.

CLSA-2024-1710436895 squid: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

CVSS 7.5 · AI score 6.8 · EPSS 0.88864
Exploits 0 · References 1
OSV
added 2024/03/06 10:54 a.m.

BIT-JUPYTER-NOTEBOOK-2022-24758 Insertion of Sensitive Information into Log File affects Jupyter Notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...

CVSS 7.5 · AI score 7.5 · EPSS 0.01054
Exploits 0 · References 2
NVD
added 2024/01/24 8:15 p.m.

CVE-2024-23644

Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...

CVSS 8.1 · AI score 7.3 · EPSS 0.00632
Exploits 0 · References 3
RustSec
added 2024/01/23 12:00 p.m.

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound trillium_http::HeaderValue and trillium_http::HeaderName can be constructed infallibly a...

CVSS 8.1 · AI score 7.3 · EPSS 0.00632
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/01/23 12:00 a.m.

PT-2024-19995 · Unknown · Trillium-Http +1

Name of the Vulnerable Software and Affected Versions: trillium-http versions prior to 0.3.12 trillium-client versions prior to 0.5.4 Description: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...

CVSS 8.1 · AI score 8.1 · EPSS 0.00632
Exploits 0 · References 16
RedHat Linux
added 2023/11/15 5:07 p.m.

jetty: hpack header values cause denial of service in http/2

A flaw was found in Jetty http2-hpack and http3-qpack. If header values exceed the size limit and Huffman is true, MetaDataBuilder.checkSize, the multiplication will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service Do...

CVSS 7.5 · AI score 7.2 · EPSS 0.03754
Exploits 1 · References 9
Veracode
added 2023/10/24 2:58 a.m.

Buffer Overflow

libz.so is vulnerable to Buffer Overflow. The vulnerability is present due to the absence of length checks in the filename, extrafield, and comment parameters within the zip.c. This oversight enables an attacker to trigger an integer overflow, leading to a heap-based buffer overflow in the...

CVSS 9.8 · AI score 7.5 · EPSS 0.02918
Exploits 0 · References 13 · Affected Software 5
Tenable Nessus
added 2023/09/19 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6380-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6380-1 advisory. Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into...

CVSS 9.8 · AI score 8.1 · EPSS 0.57132
Exploits 6 · References 7