IBM Security Bulletins
added 2024/10/02 10:07 a.m. · 42 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary: Multiple potential vulnerabilities have been identified that may affect IBM Watson CP4D Data Stores. The vulnerabilities have been addressed. Refer to the details for additional information. Vulnerability Details: CVEID: CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected...

CVSS 9.1 · AI score 9.4 · EPSS 0.03906
Exploits 5 · Affected Software 1
Positive Technologies
added 2024/10/02 12:00 a.m. · 4 views

PT-2024-6594 · Draytek · Draytek Vigor 3910

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 devices through 4.3.2.6. Description: The issue is a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. This can be exploited by...

CVSS 10 · AI score 8.1 · EPSS 0.01407
Exploits 1 · References 40
IBM Security Bulletins
added 2024/10/01 7:35 p.m. · 64 views

Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack

Summary: Cloud Pak System is vulnerable to an HTTP request splitting attack, CVE-2023-25690. Vulnerability Details: CVEID: CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when mod_proxy is enabled along with some form of RewriteRule or...

CVSS 9.8 · AI score 9.2 · EPSS 0.8377
Exploits 5 · Affected Software 1
NVD
added 2024/09/27 6:15 p.m. · 11 views

CVE-2024-39364

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent in a simple HTTP request and are executed by the device...

CVSS 7 · EPSS 0.00206
Exploits 0 · References 1
Cvelist
added 2024/09/27 5:48 p.m. · 17 views

CVE-2024-39364 Advantech ADAM-5630 Missing Authentication for Critical Function

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent in a simple HTTP request and are executed by the device...

CVSS 7 · EPSS 0.00206
Exploits 0 · References 1
Vulnrichment
added 2024/09/27 5:48 p.m. · 14 views

CVE-2024-39364 Advantech ADAM-5630 Missing Authentication for Critical Function

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent in a simple HTTP request and are executed by the device...

CVSS 7 · AI score 7.3 · EPSS 0.00206
Exploits 0 · References 1
OSV
added 2024/09/27 11:09 a.m. · 3 views

OESA-2024-2175 nodejs security update

Node.js is an open-source, cross-platform JavaScript runtime environment; it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL, or run against a dynamically linked version of OpenSSL which is unpatched, are vulnerable to t...

CVSS 8.2 · AI score 6.8 · EPSS 0.87211
Exploits 1 · References 6
IBM Security Bulletins
added 2024/09/25 7:06 p.m. · 40 views

Security Bulletin: Vulnerabilities in Netty affect IBM watsonx.data

Summary: Netty is vulnerable to HTTP request smuggling and weaker than expected security. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in HttpObjectDecoder.java. By sending a...

CVSS 9.1 · AI score 9.1 · EPSS 0.13474
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2024/09/25 6:55 p.m. · 42 views

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary: Netty has multiple vulnerabilities such as HTTP request smuggling, weaker than expected security, and denial of service attacks. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the...

CVSS 9.1 · AI score 9 · EPSS 0.13474
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2024/09/25 5:28 p.m. · 77 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9. Vulnerability Details: CVEID: CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP Transfer-Encoding headers. By sending a...

CVSS 9.8 · AI score 10 · EPSS 0.20459
Exploits 7 · Affected Software 1
OSV
added 2024/09/25 5:15 p.m. · 6 views

CVE-2024-20508

A vulnerability in the Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is...

CVSS 6.5 · AI score 5.8 · EPSS 0.00426
Exploits 0 · References 1
Vulnrichment
added 2024/09/25 4:19 p.m. · 10 views

CVE-2024-20508 Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability

A vulnerability in the Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is...

CVSS 5.8 · AI score 7.2 · EPSS 0.00426
Exploits 0 · References 1
Veracode
added 2024/09/25 7:36 a.m. · 4 views

HTTP Request Smuggling (HRS)

webrick is vulnerable to HTTP request smuggling. The vulnerability is due to inadequate validation and handling of the conflicting HTTP headers Content-Length and Transfer-Encoding, allowing multiple interpretations of a single request...

AI score 7.4 · EPSS 0.00393
Exploits 0 · References 8 · Affected Software 1
Vulnrichment
added 2024/09/25 12:00 a.m. · 9 views

CVE-2024-44678

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request...

AI score 7.5 · EPSS 0.01289
Exploits 0 · References 2
Cvelist
added 2024/09/25 12:00 a.m. · 11 views

CVE-2024-44678

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request...

EPSS 0.01289
Exploits 0 · References 2
CNNVD
added 2024/09/25 12:00 a.m. · 4 views

Cisco IOS XE Software security vulnerability

Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from...

CVSS 6.5 · AI score 6.8 · EPSS 0.00426
Exploits 0 · References 3
CVE
added 2024/09/25 12:00 a.m. · 37 views

CVE-2024-44678

The CVE-2024-44678 entry affects Gigastone TR1 Travel Router R101 v1.0.2. Affected component: the ssid parameter handling in HTTP requests. Root cause: command injection that allows an authenticated attacker to execute arbitrary commands on the device. Impact: complete control of the device with ...

CVSS 8 · AI score 7.8 · EPSS 0.01289
Exploits 0 · References 2
OpenVAS
added 2024/09/25 12:00 a.m. · 9 views

Ubuntu: Security Advisory (USN-7032-1)

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.) ifdescription...

CVSS 7.5 · AI score 7.2 · EPSS 0.02651
Exploits 0 · References 2
RedhatCVE
added 2024/09/24 9:08 p.m. · 31 views

CVE-2024-38809

A flaw was found in the Spring Web org.springframework:spring-web package. Due to improper ETag prefix validation when the application parses ETags from the If-Match or If-None-Match request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP...

CVSS 5.3 · AI score 5.2 · EPSS 0.00858
Exploits 0 · References 9
Github Security Blog
added 2024/09/24 6:34 p.m. · 56 views

Spring Framework DoS via conditional HTTP request

Description: Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to a DoS attack. Affected Spring Products and Versions: org.springframework:spring-web in versions 6.1.0 through 6.1.11, 6.0.0 through 6.0.22, 5.3.0 through 5.3.37. Older, unsupported versions are al...

CVSS 5.3 · AI score 6.7 · EPSS 0.00858
Exploits 0 · References 7 · Affected Software 1