65 matches found

CNNVD
added 2025/01/23 12:0 a.m. | 4 views

Xerox Workplace Suite authorization issue vulnerability

Xerox Workplace Suite is a powerful print management software from Xerox. An authorization issue vulnerability exists in Xerox Workplace Suite version 5.6.701.9, which stems from API Security being bypassed by modifying the header...

CVSS 7.5 | AI score 6.8 | EPSS 0.0035
Exploits 0 | References 3
CNNVD
added 2024/10/11 12:0 a.m. | 4 views

H2O security vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O that stems from a configuration directive provided by the header handler that allows a user to modify the response header sent by h2o, potentially causing the...

CVSS 4.3 | AI score 6.4 | EPSS 0.00428
Exploits 1 | References 4
CNNVD
added 2024/08/05 12:0 a.m. | 4 views

UAB Pantera CRM security vulnerability

UAB Pantera CRM is a tool and information management system from UAB Pantera. A security vulnerability exists in UAB Pantera CRM version v.401.152 and v.402.072, which stems from an insecure privilege vulnerability allows remote attackers to execute arbitrary code by modifying the header componen...

CVSS 7.5 | AI score 7.6 | EPSS 0.004
Exploits 0 | References 2
Positive Technologies
added 2024/05/09 12:0 a.m. | 8 views

PT-2024-25808

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.1.1. Description: A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the Host header is modified, and certain conditions are met, an attacker may be able to make requests th...

CVSS 7.5 | AI score 6.2 | EPSS 0.05453
Exploits 3 | References 22
NVD
added 2024/03/06 12:15 a.m. | 27 views

CVE-2023-38944

An issue in Multilaser RE160V firmware v12.03.01.09pt and Multilaser RE163V firmware v12.03.01.10pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header...

CVSS 9.8 | AI score 6.8 | EPSS 0.15528
Exploits 3 | References 2
Vulnrichment
added 2024/03/05 12:0 a.m. | 10 views

CVE-2023-38944

An issue in Multilaser RE160V firmware v12.03.01.09pt and Multilaser RE163V firmware v12.03.01.10pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header...

AI score 7.4 | EPSS 0.15528
Exploits 3 | References 1
Cvelist
added 2024/03/05 12:0 a.m. | 34 views

CVE-2023-38944

An issue in Multilaser RE160V firmware v12.03.01.09pt and Multilaser RE163V firmware v12.03.01.10pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header...

AI score 7.1 | EPSS 0.15528
Exploits 3 | References 1
OSV
added 2023/08/02 3:15 p.m. | 5 views

CVE-2023-38330

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack...

CVSS 5.3 | AI score 5.8 | EPSS 0.00358
Exploits 0 | References 2
RedHat Linux
added 2023/06/06 2:14 p.m. | 3 views

openvswitch: ip proto 0 triggers incorrect handling

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVSS 8.2 | AI score 5.7 | EPSS 0.01216
Exploits 0 | References 5
Github Security Blog
added 2023/05/12 8:19 p.m. | 73 views

Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

CVSS 4.3 | AI score 6.3 | EPSS 0.00482
Exploits 2 | References 6 | Affected Software 1
RedHat Linux
added 2023/04/13 10:3 a.m. | 6 views

openvswitch: ip proto 0 triggers incorrect handling

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVSS 8.2 | AI score 5.7 | EPSS 0.01216
Exploits 0 | References 5
OSV
added 2023/04/10 10:15 p.m. | 2 views

UBUNTU-CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVSS 8.2 | AI score 6.5 | EPSS 0.01216
Exploits 0 | References 4
CNNVD
added 2023/04/06 12:0 a.m. | 4 views

Open vSwitch security vulnerability

Open vSwitch is an open source virtual switch. A security vulnerability exists in Open vSwitch that stems from the fact that when processing IP packets with protocol 0, a data path stream is installed without modifying the IP header operation...

CVSS 8.2 | AI score 6.7 | EPSS 0.01216
Exploits 0 | References 14
SUSE CVE
added 2023/02/15 6:17 a.m. | 4 views

SUSE CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

CVSS 5 | AI score 7.1 | EPSS 0.01789
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 6:14 a.m. | 5 views

SUSE CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...

CVSS 5 | AI score 7.4 | EPSS 0.22602
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:39 a.m. | 5 views

SUSE CVE-2013-1922

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different...

CVSS 3.3 | AI score 6.5 | EPSS 0.00344
Exploits 0 | References 6
OSV
added 2022/12/20 8:15 p.m. | 4 views

CVE-2022-38873

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-366...

CVSS 7.5 | AI score 5.8 | EPSS 0.00489
Exploits 1 | References 2
NVD
added 2022/12/20 8:15 p.m. | 30 views

CVE-2022-38873

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-366...

CVSS 7.5 | EPSS 0.00489
Exploits 1 | References 2
Vulnrichment
added 2022/12/16 12:0 a.m. | 9 views

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...

AI score 4.7 | EPSS 0.00669
Exploits 0 | References 1
OSV
added 2022/02/15 3:20 p.m. | 5 views

USN-5286-1 cryptsetup vulnerability

Milan Broz discovered that cryptsetup incorrectly handled LUKS2 reencryption recovery. An attacker with physical access to modify the encrypted device header may trigger the device to be unencrypted the next time it is mounted by the user. On Ubuntu 20.04 LTS, this issue was fixed by disabling th...

CVSS 4.3 | AI score 6.7 | EPSS 0.0028
Exploits 0 | References 2