Lucene search
K

16598 matches found

Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.15 views

Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-013)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-013 advisory. An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations a...

6.5CVSS7.2AI score0.02936EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.10 views

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2024-772)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-772 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a Transfer-Encoding\0: chunked header is...

8.4CVSS7.3AI score0.00933EPSS
Exploits2References8
Veracode
Veracode
added 2024/12/09 7:18 a.m.5 views

HTTP Request Smuggling

Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...

4.7CVSS7.1AI score0.00399EPSS
Exploits0References9Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/12/09 12:0 a.m.5 views

CBL Mariner 2.0 Security Update: php (CVE-2024-11234)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11234 advisory. - In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured...

7.2CVSS7.3AI score0.01132EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/12/09 12:0 a.m.8 views

The vulnerability of the channel_request_lookahead() function in the WSGI server for Python Waitress allows a attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the channelrequestlookahead function in the WSGI server for Python Waitress is related to synchronization errors when using shared resources due to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP request...

9.4CVSS6.5AI score0.00496EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2024/12/09 12:0 a.m.71 views

CVE-2024-48956

CVE-2024-48956 affects Serviceware Processes versions 6.0 through 7.3 prior to 7.4. The issue enables unauthenticated attackers to send a specially crafted HTTP request to a service endpoint, leading to remote code execution. Public sources in the provided documents consistently describe this as ...

9.8CVSS9.9AI score0.00862EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 6:15 p.m.20 views

CVE-2024-52558

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

6.9CVSS0.00602EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 6:15 p.m.19 views

CVE-2024-52320

The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution...

9.8CVSS0.02341EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/06 5:23 p.m.24 views

CVE-2024-52558 Planet Technology Planet WGS-804HPT Integer Underflow

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

6.9CVSS0.00602EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 5:21 p.m.77 views

CVE-2024-52320

Planet Technology WGS-804HPT series switches are affected by CVE-2024-52320, a pre-authentication command injection flaw that can lead to remote code execution via a crafted HTTP request. The issue is documented with high criticality (CVSS v3.1/4.0 scores: 9.8/9.3, network access, no authenticati...

9.8CVSS10AI score0.02341EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/06 5:20 p.m.16 views

CVE-2024-48871 Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow

The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution...

9.8CVSS7.9AI score0.01368EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 5:20 p.m.69 views

CVE-2024-48871

CVE-2024-48871 affects Planet Technology’s Planet WGS-804HPT industrial switch. The issue is a stack-based buffer overflow exposed via a crafted HTTP request, allowing unauthenticated remote code execution. Public mentions in THN’s coverage confirm this CVE as part of a set of flaws in the dispat...

9.8CVSS9.9AI score0.01368EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/06 3:57 p.m.14 views

CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...

5.3CVSS6.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2024/12/06 3:15 p.m.29 views

CVE-2024-42196

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...

6.2CVSS0.0015EPSS
Exploits0References1
OSV
OSV
added 2024/12/05 7:6 a.m.154 views

BIT-HAPROXY-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS5AI score0.01043EPSS
Exploits0References7
CNVD
CNVD
added 2024/12/04 12:0 a.m.9 views

IBM Jazz Foundation Access Control Error Vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. An Access Control Error vulnerability exists in IBM Jazz Foundation versions 7.0.2 and 7.0.3 that stems from improper access control and can be exploited by a...

5.3CVSS6.6AI score0.00402EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/03 1:24 a.m.12 views

CVE-2024-9197

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50ABPM.9.2C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service DoS condition against the web...

4.9CVSS7.2AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/12/02 11:51 p.m.13 views

CVE-2024-53990

A flaw was found in the AsyncHttpClient AHC library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...

8.1CVSS6.1AI score0.00587EPSS
Exploits0References7
OSV
OSV
added 2024/12/02 5:10 p.m.13 views

CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

9.2CVSS7.9AI score0.00587EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/12/02 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2024-0382)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4CVSS7.1AI score0.00933EPSS
Exploits2References7
Rows per page
Query Builder