CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2024/07/23 12:0 a.m.•19 views

RHEL 9 : libuv (RHSA-2024:4756)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4756 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to...

OSV•added 2024/07/23 12:0 a.m.•17 views

Exploits1References5

ALSA-2024:4756 Moderate: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Tenable Nessus•added 2024/07/18 12:0 a.m.•9 views

Exploits1References4

EulerOS Virtualization 2.10.1 : libuv (EulerOS-SA-2024-2004)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

Ubuntu•added 2024/07/11 5:25 p.m.•90 views

USN-6885-2: Apache HTTP Server regression

USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server...

7.6AI score

Exploits0References1

Tenable Nessus•added 2024/07/08 12:0 a.m.•100 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Apache HTTP Server vulnerabilities (USN-6885-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6885-1 advisory. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2...

9.8CVSS7.7AI score0.99957EPSS

Exploits2References9

RedHat Linux•added 2024/07/02 3:41 p.m.•16 views

Moderate: Red Hat Security Advisory: libuv security update

An update for libuv is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.3CVSS6.8AI score0.02003EPSS

Positive Technologies•added 2024/07/01 12:0 a.m.•13 views

PT-2024-4623

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: The issue is related to the core of the Apache HTTP Server, where malicious or exploitable response headers from backend applications can lead to information disclosure, Server-Side...

10CVSS8.8AI score0.41611EPSS

Exploits0References140

Cvelist•added 2024/06/06 6:39 p.m.•22 views

CVE-2024-4851 SSRF Vulnerability in stangirard/quivr

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7CVSS0.00576EPSS

Exploits1References1

Cvelist•added 2024/06/06 5:19 p.m.•18 views

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS0.00569EPSS

CVE•added 2024/06/06 5:19 p.m.•49 views

CVE-2024-3152

The CVE-2024-3152 entry for mintplex-labs/anything-llm has concrete technical details in the connected records: multiple endpoints suffer from improper input validation passed to Prisma and other critical operations, enabling privilege escalation from a default user to admin, read/delete of arbit...

8.8CVSS9.4AI score0.00569EPSS

Exploits1References2Affected Software1

OpenVAS•added 2024/06/03 12:0 a.m.•35 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Positive Technologies•added 2024/05/31 12:0 a.m.•11 views

PT-2024-31213 · WordPress · Wp Staging

Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.5.0 Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be problematic in multisite configurations. This is due to the lack of prevention of...

7.5CVSS6.2AI score0.00591EPSS

Exploits2References4

OpenVAS•added 2024/05/30 12:0 a.m.•19 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)

Tenable Nessus•added 2024/05/30 12:0 a.m.•20 views

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

Tenable Nessus•added 2024/05/29 12:0 a.m.•15 views

EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)

OpenVAS•added 2024/05/10 12:0 a.m.•19 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1594)