Lucene search
K

34 matches found

OSV
OSV
added 2024/09/27 11:9 a.m.4 views

OESA-2024-2198 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...

7.5CVSS6.8AI score0.00677EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/09/21 3:22 a.m.4 views

SUSE CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

5.4CVSS6.8AI score0.00646EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/05/02 5:4 p.m.18 views

CVE-2023-30861 Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

7.5CVSS7.5AI score0.01261EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2022/06/09 12:0 a.m.8 views

CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

7.5CVSS7.6AI score0.0182EPSS
Exploits0References5
OSV
OSV
added 2021/08/16 4:15 a.m.13 views

CVE-2021-38713

imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2021/08/02 7:15 p.m.3 views

UBUNTU-CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...

5.3CVSS6.8AI score0.02279EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2020/10/06 12:0 a.m.391 views

cpio security update

2.11-28 - Improper input validation when writing tar header fields 1766222...

7.3CVSS2AI score0.00686EPSS
Exploits1
OpenVAS
OpenVAS
added 2015/05/28 12:0 a.m.19 views

Juniper Networks Junos OS J-Web Clickjacking Vulnerability

Junos OS is prone to Clickjacking vulnerability on J-Web. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

4.3CVSS5.2AI score0.01816EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2012/05/07 6:13 p.m.80 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

7.8CVSS7.6AI score0.98945EPSS
Exploits39References9
Exploit DB
Exploit DB
added 2012/04/16 12:0 a.m.24 views

McAfee Web Gateway 7.1.5.x - 'Host' HTTP Header Security Bypass

source: https://www.securityfocus.com/bid/53015/info McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. McAfee Web...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/03/15 12:0 a.m.36 views

Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context ...

9.3CVSS7.6AI score0.0663EPSS
Exploits1References20
NVD
NVD
added 2009/08/19 10:30 a.m.14 views

CVE-2008-7014

fhttpd 0.4.2 allows remote attackers to cause a denial of service crash via an Authorization HTTP header with an invalid character after the Basic value...

5CVSS6.6AI score0.02607EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2009/05/22 12:0 a.m.23 views

McAfee GroupShield for Exchange X-Header Security Bypass Vulnerability

This host is installed McAfee GroupShield for Microsoft Exchange and is prone to X-Header Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: gbmcafeegroupshieldexchangesecbypassvuln.nasl 8197 2017-12-20 12:50:38Z cfischer $ McAfee GroupShield for Exchange X-Header Security Bypass...

9.3CVSS0.9AI score0.02818EPSS
Exploits1References2
exploitpack
exploitpack
added 2000/05/24 12:0 a.m.16 views

Cobalt RaQ 2.03.0 qpopper 2.522.53 - EUIDL Format String Input

Cobalt RaQ 2.03.0 qpopper 2.522.53 - EUIDL Format String Input // source: https://www.securityfocus.com/bid/1242/info A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatti...

0.4AI score
Exploits0
Rows per page
Query Builder