3718 matches found

Vulnrichment
added 2023/11/15 12:00 a.m. · 16 views

CVE-2023-48365

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...

CVSS 9.6 · AI score 8.1 · EPSS 0.24676
Exploits 0 · References 1

RedHat Linux
added 2023/11/14 3:32 p.m. · 5 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.01888
Exploits 0 · References 6

Positive Technologies
added 2023/11/14 12:00 a.m. · 11 views

PT-2023-7288 · Unknown · Weston Embedded Uc-Http

Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01. Description: A memory corruption issue exists in the HTTP Server header parsing functionality. This can be exploited by sending specially crafted network packets, potentially leading to code execution. ...

CVSS 10 · AI score 9.6 · EPSS 0.01475
Exploits 1 · References 6

NVD
added 2023/11/09 11:15 p.m. · 19 views

CVE-2018-8863

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

CVSS 7.5 · EPSS 0.00539
Exploits 0 · References 1

OSV
added 2023/11/09 11:15 p.m. · 3 views

CVE-2018-8863

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

CVSS 7.5 · AI score 5.8 · EPSS 0.00539
Exploits 0 · References 1

Prion
added 2023/11/09 11:15 p.m. · 12 views

Hardcoded credentials

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

CVSS 5 · AI score 7 · EPSS 0.00539
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/11/09 10:46 p.m. · 52 views

CVE-2018-8863

CVE-2018-8863 affects Philips EncoreAnywhere (APAC hosted web app); vulnerability arises from an HTTP header that exposes data enabling information disclosure. Affected product/version: EncoreAnywhere 2.36.3.3 or earlier. Impact: confidentiality impact (data exposure); CVSSv3 base score 5.9 (scor...

CVSS 7.5 · AI score 6.6 · EPSS 0.00539
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/11/09 12:00 a.m. · 5 views

PT-2023-11230 · Philips · Philips Encoreanywhere

Name of the Vulnerable Software and Affected Versions: Philips EncoreAnywhere, affected versions not specified. Description: The issue concerns the HTTP header in Philips EncoreAnywhere, which contains data that an attacker may be able to use to gain sensitive information. Recommendations: At the...

CVSS 7.5 · AI score 6.9 · EPSS 0.00539
Exploits 0 · References 4

Cloud Foundry
added 2023/11/09 12:00 a.m. · 28 views

USN-6473-1: urllib3 vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 22.04. Description: It was discovered that urllib3 didn’t strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. Thi...

CVSS 8.1 · AI score 7.1 · EPSS 0.01207
Exploits 0 · Affected Software 2

Github Security Blog
added 2023/11/08 9:30 p.m. · 329 views

Axios Cross-Site Request Forgery Vulnerability

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · AI score 6.7 · EPSS 0.00556
Exploits 1 · References 12 · Affected Software 1

OSV
added 2023/11/08 9:30 p.m. · 41 views

GHSA-WF5P-G6VW-RHXX Axios Cross-Site Request Forgery Vulnerability

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · AI score 6.8 · EPSS 0.00556
Exploits 1 · References 12

NVD
added 2023/11/08 9:15 p.m. · 16 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · EPSS 0.00556
Exploits 1 · References 2

OSV
added 2023/11/08 9:15 p.m. · 1 view

DEBIAN-CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · AI score 7 · EPSS 0.00556
Exploits 1 · References 1

OSV
added 2023/11/08 9:15 p.m. · 32 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · AI score 6.3
Exploits 0 · References 2

Prion
added 2023/11/08 9:15 p.m. · 21 views

Design/Logic Flaw

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 4.3 · AI score 6.5 · EPSS 0.00556
Exploits 1 · References 1 · Affected Software 1

UbuntuCve
added 2023/11/08 9:15 p.m. · 134 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · AI score 6.9 · EPSS 0.00556
Exploits 1 · References 1

Cvelist
added 2023/11/08 12:00 a.m. · 20 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

AI score 6.5 · EPSS 0.00556
Exploits 1 · References 2

Vulnrichment
added 2023/11/08 12:00 a.m. · 25 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

AI score 6.8 · EPSS 0.00556
Exploits 1 · References 2

CVE
added 2023/11/08 12:00 a.m. · 528 views

CVE-2023-45857

CVE-2023-45857 - Axios XSRF token exposure: The issue in Axios 1.5.1 causes the confidential XSRF-TOKEN stored in cookies to be included in the HTTP header X-XSRF-TOKEN for every request, potentially allowing an attacker to view sensitive information. The public metrics indicate a CVSS v3.1 base...

CVSS 6.5 · AI score 6.1 · EPSS 0.00556
Exploits 1 · References 2 · Affected Software 1

Debian CVE
added 2023/11/08 12:00 a.m. · 25 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

CVSS 6.5 · AI score 7.1 · EPSS 0.00556
Exploits 1