Lucene search
+L

362 matches found

Cvelist
Cvelist
added 2025/02/11 9:50 p.m.22 views

CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...

0.00366EPSS
Exploits0References4
CVE
CVE
added 2025/02/11 9:50 p.m.118 views

CVE-2024-32037

GeoNetwork vulnerable versions prior to 4.2.10 and 4.4.5 disclose Elasticsearch software info via search-endpoint response headers. The issue allows server software identification. A fix is available in GeoNetwork 4.2.10 and 4.4.5; no public workarounds are listed. Remediation: upgrade to 4.2.10 ...

5.3CVSS3.6AI score0.00366EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:11 a.m.8 views

CVE-2024-2377

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information...

7.6CVSS6.8AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/01/12 9:46 p.m.121 views

CVE-2024-42179

CVE-2024-42179 describes a sensitive information disclosure in HCL MyXalytics where the HTTP response header reveals the server software name and version (Microsoft-HTTP API/2.0). The underlying issue is exposure of server identity, not a direct code execution vector. Public sources in the connec...

2.7CVSS3.6AI score0.00224EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/07 12:0 a.m.29 views

RHEL 8 : httpd:2.4 (RHSA-2024:6467)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6467 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...

9.8CVSS7.4AI score0.41611EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/07 12:0 a.m.26 views

RHEL 8 : httpd:2.4 (RHSA-2024:6468)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6468 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...

9.8CVSS7.4AI score0.41611EPSS
Exploits0References4
OSV
OSV
added 2024/10/25 7:15 a.m.4 views

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

6.1CVSS7.3AI score0.00335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.7 views

PT-2024-32651 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, which may lead to the contamination of unintended data in HTTP response headers...

7.4CVSS6.8AI score0.00335EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/10/11 2:20 p.m.16 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

3.1CVSS6.7AI score0.0044EPSS
Exploits1References3
CVE
CVE
added 2024/10/11 2:20 p.m.70 views

CVE-2024-25622

Technical details about CVE-2024-25622 are not publicly provided in the connected documents. The available sources reiterate the issue and the fix commit; monitor for updates from vendor advisories for affected products, versions, and remediation steps.

4.3CVSS3.7AI score0.0044EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/10/11 2:20 p.m.25 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

3.1CVSS0.0044EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/09/25 11:22 a.m.8 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS
Exploits0References5
Rosalinux
Rosalinux
added 2024/09/25 9:36 a.m.35 views

Advisory ROSA-SA-2024-2477

software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...

9.3CVSS7.1AI score0.85944EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/08/26 8:9 a.m.6 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/26 7:39 a.m.3 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2024/08/21 2:53 p.m.93 views

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

9.8CVSS9.5AI score0.41611EPSS
Exploits0
OSV
OSV
added 2024/08/21 2:53 p.m.30 views

RLSA-2024:5138 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...

9.8CVSS8.9AI score0.41611EPSS
Exploits0References2
OSV
OSV
added 2024/08/21 2:52 p.m.35 views

RLSA-2024:5193 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...

9.8CVSS8.9AI score0.41611EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/08/12 2:39 a.m.241 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7AI score0.41611EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/08/12 2:39 a.m.14 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS
Exploits0References5
Rows per page
Query Builder