Lucene search
K

155 matches found

OSV
OSV
added 2025/05/12 12:0 a.m.11 views

ALSA-2025:4791 Moderate: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.6AI score0.0069EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2025/05/12 12:0 a.m.27 views

Moderate: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.7AI score0.0069EPSS
Exploits1References4
OSV
OSV
added 2024/06/07 8:2 p.m.10 views

GHSA-XFFP-6W68-4775 Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol IP address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into accou...

7.5CVSS7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/06/07 8:2 p.m.19 views

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol IP address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into accou...

7AI score
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/05/31 7:58 a.m.18 views

Improper Input Validation

Symfony is vulnerable to Improper Input Validation. The vulnerability is due to trusting the remote address when at least one trusted proxy is involved, allowing an attacker to manipulate HTTP header values...

6.6AI score0.00785EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.4 views

PT-2024-40188 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe affected versions not specified Description: The issue allows spoofing of HTTP headers, which can lead to various security problems, including bypassing IP restrictions and SSL enforcement. This is due to SilverStripe trusting...

6.5CVSS7.2AI score
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/12/25 2:11 a.m.4 views

SUSE CVE-2023-49792

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

9.8CVSS7.1AI score0.01041EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.7 views

Nextcloud Security Breach

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server that stems from the fact that when a proxy is configured as a trusted proxy, the server may be tricked...

9.8CVSS7AI score0.01041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.7 views

PT-2023-8424 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.9 and 27.1.4 Nextcloud Enterprise Server versions prior to 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 Description: The issue is related to the lack of restrictions on authentication attempts,...

10CVSS6.2AI score0.01041EPSS
Exploits6References93
ATTACKERKB
ATTACKERKB
added 2023/12/10 11:15 p.m.3 views

CVE-2023-50463

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

6.5CVSS6.6AI score0.00655EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/12/10 12:0 a.m.23 views

CVE-2023-50463

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

6.5CVSS7AI score0.00655EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/10 12:0 a.m.5 views

PT-2023-31567 · Caddy · Caddy-Geo-Ip

Name of the Vulnerable Software and Affected Versions: caddy-geo-ip versions 0.6.0 and earlier for Caddy 2 Description: The issue allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism, such as the trusted proxy directive in revers...

6.5CVSS6.2AI score0.00655EPSS
Exploits0References12
NVD
NVD
added 2023/07/17 11:15 a.m.51 views

CVE-2023-34036

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS0.00403EPSS
Exploits0References1
Prion
Prion
added 2023/07/17 11:15 a.m.16 views

Design/Logic Flaw

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5CVSS5.6AI score0.00403EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/17 10:0 a.m.12 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS6.8AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/17 10:0 a.m.48 views

CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

5.3CVSS5.5AI score0.00403EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.3 views

SUSE CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

4.9CVSS8.1AI score0.52873EPSS
Exploits0References5
OSV
OSV
added 2022/11/16 11:35 a.m.5 views

SUSE-SU-2022:4013-1 Security update for apache2-mod_wsgi

This update for apache2-modwsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. bsc1201634...

7.5CVSS7.4AI score0.0069EPSS
Exploits1References3
OSV
OSV
added 2022/11/16 10:7 a.m.6 views

SUSE-SU-2022:4010-1 Security update for apache2-mod_wsgi

This update for apache2-modwsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. bsc1201634...

7.5CVSS7.4AI score0.0069EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/04/06 7:28 p.m.5 views

httpd: null-pointer dereference in mod_remoteip

A vulnerability was discovered in Apache httpd, in modremoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...

7.2CVSS7.3AI score0.52873EPSS
Exploits0References5
Rows per page
Query Builder