Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

331 matches found

Veracode
Veracodeadded 2022/04/19 5:56 a.m.22 views

Denial Of Service (DoS)

github.com/swaggo/http-swagger is vulnerable to denial of service. The vulnerability exists in the Handler function in swagger.godue to the non-standard http method which allows an attacker to cause the system crash...

7.5CVSS1.9AI score0.00239EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessusadded 2022/01/20 12:0 a.m.35 views

RHEL 7 / 8 : OpenShift Container Platform 4.7.41 (RHSA-2022:0114)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0114 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

7.5CVSS7.2AI score0.92378EPSS
Exploits5References7
RedHat Linux
RedHat Linuxadded 2022/01/19 1:25 p.m.38 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.41 security update

Red Hat OpenShift Container Platform release 4.7.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a...

7.5CVSS7AI score0.92378EPSS
Exploits5References3
Tenable Nessus
Tenable Nessusadded 2022/01/13 12:0 a.m.45 views

RHEL 7 / 8 : OpenShift Container Platform 4.6.53 (RHSA-2022:0024)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0024 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

7.5CVSS7.2AI score0.92378EPSS
Exploits5References8
RedHat Linux
RedHat Linuxadded 2022/01/12 8:49 a.m.39 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.53 security update

Red Hat OpenShift Container Platform release 4.6.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...

7.5CVSS6.9AI score0.92378EPSS
Exploits5References4
Github Security Blog
Github Security Blogadded 2021/12/14 9:43 p.m.27 views

HTTP Method Spoofing

Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests...

7.5CVSS1.6AI score0.00389EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2021/12/14 6:15 p.m.16 views

CVE-2021-43807

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

7.5CVSS0.00389EPSS
Exploits1References3
OSV
OSVadded 2021/12/14 6:15 p.m.24 views

CVE-2021-43807

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

6.5CVSS6.7AI score
Exploits0References3
Prion
Prionadded 2021/12/14 6:15 p.m.11 views

Cross site request forgery (csrf)

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

4.3CVSS6.3AI score0.00389EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2021/12/14 6:10 p.m.21 views

CVE-2021-43807 HTTP Method Spoofing in Opencast

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

7.5CVSS7.7AI score0.00389EPSS
Exploits1References3
CVE
CVEadded 2021/12/14 6:10 p.m.62 views

CVE-2021-43807

Opencast is vulnerable to HTTP method spoofing in versions prior to 9.10. An attacker can override the intended HTTP method via a URL parameter, turning GET into PUT or form submissions into DELETE, enabling state-changing actions and CSRF bypasses. The issue is fixed in Opencast 9.10 and 10.0. M...

7.5CVSS6.6AI score0.00389EPSS
Exploits1References3Affected Software1
Kitploit
Kitploitadded 2021/11/28 11:30 a.m.21 views

4-ZERO-3 - 403/401 Bypass Methods + Bash Automation

Introduction 4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same. NOTE : If you see multiple 200 Ok/bypasses as output, you must check the Content-Length. If the content-length is same for multiple 200 Ok/bypasses means false positive. Reason can be...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2021/11/12 12:0 a.m.31 views

RHEL 7 / 8 : OpenShift Container Platform 4.9.6 packages and (RHSA-2021:4118)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4118 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters CVE-2021-39240 - haproxy: an HTTP...

7.5CVSS7.2AI score0.92378EPSS
Exploits5References13
Tenable Nessus
Tenable Nessusadded 2021/11/11 12:0 a.m.29 views

EulerOS 2.0 SP9 : haproxy (EulerOS-SA-2021-2712)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contai...

7.5CVSS6.5AI score0.00467EPSS
Exploits0References3
OSV
OSVadded 2021/10/12 6:19 a.m.24 views

SUSE-SU-2021:3335-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. bsc1190703 - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. bsc1190702 - CVE-2021-39275: Fixed an out-of-bounds write in apescapequotes via malicious inpu...

9.8CVSS8.5AI score0.94432EPSS
Exploits6References11
Veracode
Veracodeadded 2021/08/20 3:42 a.m.3 views

Privilege Escalation

HAProxy is vulnerable to privilege escalation. The vulnerability exists due to a flaw in HTTP method name that when it contains a space followed by the name of a protected resource, it is possible that a server would interpret this as a request for that protected resource, such as in the "GET...

5.3CVSS6.5AI score0.00444EPSS
Exploits0References10Affected Software8
NVD
NVDadded 2021/08/17 7:15 p.m.21 views

CVE-2021-39241

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...

5.3CVSS0.00444EPSS
Exploits0References5
OSV
OSVadded 2021/08/17 7:15 p.m.1 views

DEBIAN-CVE-2021-39241

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...

5.3CVSS5.5AI score0.00444EPSS
Exploits0References1
OSV
OSVadded 2021/08/17 7:15 p.m.21 views

CVE-2021-39241

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...

5.3CVSS7.5AI score
Exploits0References5
UbuntuCve
UbuntuCveadded 2021/08/17 7:15 p.m.26 views

CVE-2021-39241

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...

5.3CVSS6.1AI score0.00444EPSS
Exploits0References3
Rows per page
Query Builder