Lucene search
+L

47 matches found

SUSE Linux
SUSE Linux
added 2025/09/15 1:23 p.m.3 views

Security update for rabbitmq-server313

This update for rabbitmq-server313 fixes the following issues: CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request bsc1245105 Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root bsc1246091 Patch Instructions: To install this SUSE update use th...

6.7CVSS7.2AI score0.00194EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/09/11 12:0 p.m.14 views

Moderate: Red Hat Security Advisory: php:8.2 security update

An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.02286EPSS
Exploits5References9
OSV
OSV
added 2025/09/11 12:0 a.m.8 views

ALSA-2025:15687 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

9.8CVSS7.1AI score0.02286EPSS
Exploits5References18
Tenable Nessus
Tenable Nessus
added 2025/09/11 12:0 a.m.6 views

RHEL 8 : php:8.2 (RHSA-2025:15687)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15687 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...

9.8CVSS7.6AI score0.02286EPSS
Exploits5References19
Vulnrichment
Vulnrichment
added 2025/04/14 11:15 p.m.10 views

CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...

8.6CVSS6.7AI score0.00455EPSS
Exploits1References1
Amazon
Amazon
added 2025/04/14 12:0 a.m.10 views

Medium: php8.2

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

9.8CVSS6.8AI score0.00821EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.21 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-916)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-916 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...

9.8CVSS6.2AI score0.00821EPSS
Exploits2References12
SUSE Linux
SUSE Linux
added 2025/03/25 12:47 p.m.3 views

Security update for php8

This update for php8 fixes the following issues: CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers bsc1239664 CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 CVE-2025-1219: Fixed libxml streams using wrong...

7.3CVSS5.9AI score0.01407EPSS
Exploits3References24
Tenable Nessus
Tenable Nessus
added 2025/03/18 12:0 a.m.222 views

PHP 8.2.x < 8.2.28 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

9.8CVSS6.4AI score0.00821EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.6 views

SUSE CVE-2009-2855

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...

5CVSS6.8AI score0.36732EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-24910 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: openfga/openfga versions 0.2.3 and prior Description: OpenFGA is an authorization/permission engine. The streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users who ar...

5.3CVSS6.8AI score0.00672EPSS
Exploits0References10
NVD
NVD
added 2021/11/02 12:15 p.m.15 views

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

7.5CVSS0.00588EPSS
Exploits0References2
Prion
Prion
added 2021/11/02 12:15 p.m.16 views

Cross site request forgery (csrf)

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

5CVSS7.5AI score0.00588EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/02 11:46 a.m.21 views

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

7.7AI score0.00588EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/06/24 12:43 p.m.4 views

openstack-keystone: failure to check signature TTL of the EC2 credential auth method

A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 V4 process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access...

5.5CVSS5.7AI score0.00705EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/10/11 12:0 a.m.31 views

SuSE 10 Security Update : squid (ZYPP Patch Number 6931)

The following vulnerabilities have been fixed in squid : - DoS via special crafted auth header CVE-2010-0308: DoS via invalid DoS header. CVE-2009-2855 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

5CVSS7.2AI score0.36732EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2010/03/23 12:0 a.m.25 views

SuSE 10 Security Update : squid (ZYPP Patch Number 6930)

The following vulnerabilities have been fixed in squid : - DoS via special crafted auth header CVE-2010-0308: DoS via invalid DoS header. CVE-2009-2855 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

5CVSS7.2AI score0.36732EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2010/02/08 12:0 a.m.22 views

Squid 'lib/rfc1035.c' DoS Vulnerability (SQUID-2010:1)

Squid is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...

4CVSS6.1AI score0.22858EPSS
Exploits0References8
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.78 views

[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1991-1 [email protected] http://www.debian.org/security/ Steffen Joeris February 04, 2010 http://www.debian.org/security/faq -...

5CVSS0.4AI score0.36732EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/08/24 12:0 a.m.31 views

Squid < 3.1.4 External Auth Header Parser DoS Vulnerabilities

Squid is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS6.3AI score0.36732EPSS
Exploits1References3
Rows per page
Query Builder