
16601 matches found

Debian CVE
added 2024/08/23 5:43 p.m., 21 views

CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CVSS 9.8 | AI score 6.6 | EPSS 0.89783
Exploits: 10
F5 Networks
added 2024/08/23 2:16 a.m., 33 views

K000140787: Gunicorn vulnerability CVE-2024-1135

Security Advisory Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...

CVSS 7.5 | AI score 7.8 | EPSS 0.02996
Exploits: 0
Tenable Nessus
added 2024/08/23 12:0 a.m., 59 views

Spring Framework < 5.3.39 / 6.0.x < 6.0.23 / 6.1.x < 6.1.12 HTTP Request DoS (CVE-2024-38809)

The remote host contains a Spring Framework version prior to 5.3.39, 6.0.x prior to 6.0.23, or 6.1.x prior to 6.1.12. It is, therefore, affected by an HTTP Request DoS vulnerability: - Applications that parse ETags from 'If-Match' or 'If-None-Match' request headers are vulnerable to DoS attack...

CVSS 5.3 | AI score 6.8 | EPSS 0.00858
Exploits: 0 | References: 2
IBM Security Bulletins
added 2024/08/22 5:47 p.m., 49 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2015-5739 DESCRIPTION: Go is vulnerable to HTTP request smuggling, caused by a flaw in net/http library in net/textproto/reader.go. By sendin...

CVSS 10 | AI score 9.1 | EPSS 0.91969
Exploits: 1 | Affected Software: 1
Veracode
added 2024/08/22 9:47 a.m., 13 views

Server Side Request Forgery (SSRF)

ckan is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by CKAN plugins like XLoader, DataPusher, Resource proxy and ckanext-archiver not validating the resource URLs while making HTTP requests to access the remote resources. This can lead to a malicious or unaware...

CVSS 6.5 | AI score 6.9 | EPSS 0.00345
Exploits: 0 | References: 3 | Affected Software: 1
OpenVAS
added 2024/08/22 12:0 a.m., 34 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2270)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 7.4 | EPSS 0.8377
Exploits: 5 | References: 2
Packet Storm
added 2024/08/21 12:0 a.m., 226 views

Event Registration and Attendance System 1.0 Cross Site Request Forgery

Title: Event Registration and Attendance System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firef...

AI score 7.4
Exploits: 0
OSV
added 2024/08/20 8:29 p.m., 13 views

GO-2023-1707 HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad

HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad...

CVSS 9.9 | AI score 9.6 | EPSS 0.00759
Exploits: 0 | References: 3
OSV
added 2024/08/16 11:8 a.m., 4 views

OESA-2024-1986 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...

CVSS 8.3 | AI score 6.4 | EPSS 0.01109
Exploits: 0 | References: 3
CNVD
added 2024/08/16 12:0 a.m., 2 views

Tenda FH1206 Command Execution Vulnerability

Tenda FH1206 is a dual-band wireless router from Tenda, designed for large homes with fiber optics. The Tenda FH1206 suffers from a command execution vulnerability that originates from an arbitrary command execution vulnerability contained in the handler parameter of the /goform/telnet file, whic...

CVSS 9.8 | AI score 8.1 | EPSS 0.0123
Exploits: 1 | References: 1
Redos
added 2024/08/16 12:0 a.m., 17 views

ROS-20240816-03

Vulnerability of HTTP Daemon is related to inconsistent interpreting of HTTP requests when processing 'Content-Length' string values. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by sending...

CVSS 7.3 | AI score 7.3 | EPSS 0.02108
Exploits: 1
Redos
added 2024/08/16 12:0 a.m., 38 views

ROS-20240816-16

A vulnerability in the openssl_private_decrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request...

CVSS 9.8 | AI score 8.2 | EPSS 0.99987
Exploits: 66
NVD
added 2024/08/15 5:15 p.m., 18 views

CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

CVSS 9.8 | EPSS 0.0123
Exploits: 1 | References: 1
NVD
added 2024/08/15 5:15 p.m., 21 views

CVE-2024-42947

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...

CVSS 9.8 | EPSS 0.0098
Exploits: 1 | References: 1
Vulnrichment
added 2024/08/15 12:0 a.m., 19 views

CVE-2024-42947

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...

AI score 7.7 | EPSS 0.0098
Exploits: 1 | References: 1
Cvelist
added 2024/08/15 12:0 a.m., 14 views

CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

EPSS 0.0123
Exploits: 1 | References: 1
Vulnrichment
added 2024/08/15 12:0 a.m., 13 views

CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

AI score 7.9 | EPSS 0.0123
Exploits: 1 | References: 1
Cvelist
added 2024/08/15 12:0 a.m., 26 views

CVE-2024-42947

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...

EPSS 0.0098
Exploits: 1 | References: 1
CVE
added 2024/08/15 12:0 a.m., 72 views

CVE-2024-42978

CVE-2024-42978 affects the Tenda FH1206 router (version v02.03.01.35). The vulnerability lies in the handler function for /goform/telnet, where insufficient input sanitization allows remote attackers to execute arbitrary commands via a crafted HTTP request. CVSS v3.1 base score 9.8 (CRITICAL) wit...

CVSS 9.8 | AI score 7.7 | EPSS 0.0123
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2024/08/15 12:0 a.m., 64 views

CVE-2024-42947

The CVE-2024-42947 entry concerns Tenda FH1201 v1.2.0.14. A vulnerability in the /goform/telnet handler allows an attacker to execute arbitrary commands through a crafted HTTP request, enabling remote command execution with network access. This is evidenced by several connected sources referencin...

CVSS 9.8 | AI score 7.7 | EPSS 0.0098
Exploits: 1 | References: 1 | Affected Software: 1