CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2480 matches found

Vulnrichment•added 2022/11/14 6:47 p.m.•8 views

CVE-2022-34316 IBM CICS TX information disclosure

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...

3.7CVSS6.2AI score0.00359EPSS

Exploits0References3

CVE•added 2022/11/14 6:47 p.m.•61 views

CVE-2022-34316

CVE-2022-34316 affects IBM CICS TX 11.1, where HTTP headers may not neutralize or may incorrectly neutralize web scripting syntax, potentially enabling abuse by components that process raw headers. Public details in IBM bulletins confirm the issue and cite IBM X-Force ID 229452. CVSS metrics plac...

5.3CVSS4.5AI score0.00359EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2022/11/09 2:26 p.m.•60 views

CVE-2022-42252

A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack...

4.8CVSS1.5AI score0.0029EPSS

Exploits0References3

Veracode•added 2022/11/02 4:37 a.m.•23 views

Privilege Escalation

apereo/phpcas is vulnerable to privilege escalation. The vulnerability exists because HTTP headers are not properly sanitized and the CAS server service registry does not properly validate authorized services in sso federation which allows an attacker to gain to access user account on a vulnerabl...

8CVSS7.6AI score0.00989EPSS

Exploits0References10Affected Software2

GitLab Advisory Database•added 2022/11/02 12:0 a.m.•14 views

Batched HTTP requests may set incorrect `cache-control` response header

Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...

6.3AI score

Exploits0References4Affected Software1

CNNVD•added 2022/11/02 12:0 a.m.•2 views

Splunk 注入漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...

5.4CVSS5.8AI score0.00304EPSS

Exploits0References5

NVD•added 2022/11/01 5:15 p.m.•14 views

CVE-2022-39369

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS0.00989EPSS

Exploits0References5

UbuntuCve•added 2022/11/01 5:15 p.m.•36 views

CVE-2022-39369

8CVSS6.6AI score0.00989EPSS

Exploits0References5

Github Security Blog•added 2022/11/01 12:0 p.m.•45 views

Apache Tomcat may reject request containing invalid Content-Length header

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

7.5CVSS7.5AI score0.0029EPSS

Exploits0References11Affected Software2

NVD•added 2022/11/01 9:15 a.m.•18 views

CVE-2022-42252

7.5CVSS0.0029EPSS

Exploits0References2

GitLab Advisory Database•added 2022/11/01 12:0 a.m.•25 views

phpCAS vulnerable to Service Hostname Discovery Exploitation

8CVSS1.1AI score0.00989EPSS

Exploits0References5Affected Software1

Cvelist•added 2022/10/31 6:40 a.m.•18 views

CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

5.4CVSS5.5AI score0.00154EPSS

Exploits0References1

OpenVAS•added 2022/10/28 12:0 a.m.•21 views

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2611)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.00151EPSS

Exploits0References2

WPVulnDB•added 2022/10/28 12:0 a.m.•16 views

The function checkisloginpage uses headers for the IP check, which can be easily spoofed. PoC Set HTTPCLIENTIP to bypass blocks / use allowed IP addresses...

7.5CVSS1.6AI score0.00268EPSS

Exploits2Affected Software1

NVD•added 2022/10/27 1:15 p.m.•10 views

CVE-2022-3409

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipartparser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected...

8.2CVSS0.00433EPSS

Exploits0References1

NVD•added 2022/10/27 1:15 p.m.•11 views

CVE-2022-2809

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipartparser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipartparser handles unclosed http headers. If long...

8.2CVSS0.00271EPSS

Exploits0References1