16598 matches found

Positive Technologies
added 2024/11/27 12:0 a.m. · 3 views

PT-2024-8962 · Haproxy +6

Name of the Vulnerable Software and Affected Versions: HAProxy affected versions not specified Description: The issue is related to an inconsistent interpretation of HTTP requests, also known as 'HTTP Request/Response Smuggling' or 'Contrabando de solicitudes/respuestas HTTP'. This allows a remot...

CVSS 5.3 · AI score 4.9 · EPSS 0.01043
Exploits 0 · References 37

Tenable Nessus
added 2024/11/27 12:0 a.m. · 15 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : libsoup vulnerabilities (USN-7126-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7126-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could...

CVSS 8.4 · AI score 7.3 · EPSS 0.00933
Exploits 2 · References 4

Tenable Nessus
added 2024/11/27 12:0 a.m. · 14 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : libsoup3 vulnerabilities (USN-7127-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7127-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue...

CVSS 8.4 · AI score 7.3 · EPSS 0.00933
Exploits 2 · References 4

Ubuntu
added 2024/11/26 6:25 p.m. · 240 views

USN-6988-2: Twisted vulnerability

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Ben Kallus discovered that Twisted incorrectly handled...

CVSS 8.3 · AI score 7.9 · EPSS 0.00856
Exploits 0

SUSE CVE
added 2024/11/26 4:10 a.m. · 3 views

SUSE CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 4.8 · AI score 7.1 · EPSS 0.01132
Exploits 1 · References 12

OpenVAS
added 2024/11/26 12:0 a.m. · 14 views

Fedora: Security Advisory (FEDORA-2024-a059ea1dfc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.1 · EPSS 0.00933
Exploits 1 · References 4

NVD
added 2024/11/25 4:15 p.m. · 21 views

CVE-2023-26280

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...

CVSS 5.3 · EPSS 0.00402
Exploits 0 · References 1

Cvelist
added 2024/11/25 3:51 p.m. · 19 views

CVE-2023-26280 IBM Jazz Foundation improper access control

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...

CVSS 5.3 · EPSS 0.00402
Exploits 0 · References 1

Vulnrichment
added 2024/11/25 3:51 p.m. · 19 views

CVE-2023-26280 IBM Jazz Foundation improper access control

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...

CVSS 5.3 · AI score 5.2 · EPSS 0.00402
Exploits 0 · References 1

CVE
added 2024/11/25 3:51 p.m. · 54 views

CVE-2023-26280

The CVE-2023-26280 issue affects IBM Jazz Foundation 7.0.2 and 7.0.3, where improper access control could let a user change their dashboard via a specially crafted HTTP request. The root cause is access-control weakness in the dashboard feature, with a CVSSv3.1 base score of 5.3 (Network, Low att...

CVSS 5.3 · AI score 5.2 · EPSS 0.00402
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2024/11/25 6:20 a.m. · 20 views

CVE-2024-11234

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

CVSS 4.8 · AI score 6.6 · EPSS 0.01132
Exploits 1 · References 4

OSV
added 2024/11/24 1:15 a.m. · 7 views

AZL-53613 CVE-2024-11234 affecting package php for versions less than 8.1.31-1

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 · AI score 6.5 · EPSS 0.01132
Exploits 1 · References 1

OSV
added 2024/11/24 1:15 a.m. · 15 views

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 · AI score 6.8
Exploits 0 · References 3

NVD
added 2024/11/24 1:15 a.m. · 27 views

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 · EPSS 0.01132
Exploits 1 · References 3

OSV
added 2024/11/24 1:15 a.m. · 2 views

DEBIAN-CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 · AI score 6.1 · EPSS 0.01132
Exploits 1 · References 1

CVE
added 2024/11/24 12:57 a.m. · 331 views

CVE-2024-11234

The CVE-2024-11234 entry concerns HTTP request smuggling via PHP streams when a proxy is configured and the request_fulluri option is used. Affected PHP versions are 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. The vulnerability arises from improper URI sanitization in strea...

CVSS 7.2 · AI score 5.4 · EPSS 0.01132
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/11/24 12:57 a.m. · 22 views

CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 4.8 · AI score 7 · EPSS 0.01132
Exploits 1 · References 1

Cvelist
added 2024/11/24 12:57 a.m. · 28 views

CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 4.8 · EPSS 0.01132
Exploits 1 · References 1

AlpineLinux
added 2024/11/24 12:57 a.m. · 13 views

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 · AI score 6.6 · EPSS 0.01132
Exploits 1

Debian CVE
added 2024/11/24 12:57 a.m. · 9 views

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 · AI score 6.1 · EPSS 0.01132
Exploits 1