Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2024/11/20 12:0 a.m.8 views

Photon OS 4.0: Rubygem PHSA-2024-4.0-0713

An update of the rubygem package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0713. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

5.8CVSS5.5AI score0.00637EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/20 12:0 a.m.5 views

Photon OS 5.0: Rubygem PHSA-2024-5.0-0405

An update of the rubygem package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0405. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

5.8CVSS5.5AI score0.00637EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:31 p.m.83 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-4527 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By...

10CVSS10AI score0.81422EPSS
Exploits39Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.17 views

CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)

The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...

5.8CVSS5.7AI score0.00637EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2023/08/30 2:44 p.m.57 views

CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1

CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1. An upgraded version of the package is available that resolves this issue...

5.8CVSS5.8AI score0.00637EPSS
Exploits0
OSV
OSV
added 2023/08/04 6:15 p.m.4 views

AZL-27830 CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.3CVSS6.1AI score0.00637EPSS
Exploits0References1
CVE
CVE
added 2023/08/04 5:32 p.m.86 views

CVE-2023-38697

The CVE-2023-38697 entry concerns protocol-http1 (HTTP/1) parsing: Falcon’s RFC-compliant checks on Content-Length and chunk size can be bypassed by accepting +, 0x prefixes, and LF in chunk extensions, causing desynchronization across HTTP parsers and enabling HTTP request smuggling or firewall ...

5.8CVSS5AI score0.00637EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/04 5:32 p.m.11 views

CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.8CVSS5.4AI score0.00637EPSS
Exploits0References4
Rows per page
Query Builder