CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16591 matches found

UbuntuCve•added 2023/11/29 8:15 p.m.•25 views

CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

5.3CVSS6.3AI score0.0094EPSS

Exploits1References6

Debian CVE•added 2023/11/29 8:7 p.m.•29 views

CVE-2023-49082

5.3CVSS5.6AI score0.0094EPSS

Exploits1

Cvelist•added 2023/11/29 8:7 p.m.•37 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

5.3CVSS6.1AI score0.0094EPSS

Exploits1References4

IBM Security Bulletins•added 2023/11/29 2:46 p.m.•41 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Eclipse Jetty

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Eclipse Jetty. Vulnerability Details CVEID: CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...

5.3CVSS6.1AI score0.013EPSS

Exploits1Affected Software1

Veracode•added 2023/11/29 12:3 p.m.•21 views

Race Condition

github.com/go-resty/resty/ is vulnerable to Race condition. The vulnerability is due to calling sync.pool. The vulnerability arises due to improper handling of buffer reset functionality, wherein the buffer gets embedded with a request body and gets appended to current HTTP request body. Any...

5.9CVSS7.2AI score0.00728EPSS

Exploits1References6Affected Software1

RedhatCVE•added 2023/11/29 10:29 a.m.•30 views

CVE-2023-45286

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

4.7CVSS7.1AI score0.00728EPSS

Exploits1References3

Veracode•added 2023/11/29 7:59 a.m.•35 views

Denial Of Service (DoS)

Spring Boot is vulnerable to Denial Of Service. The vulnerability is due to parsing malicious HTTP Request without proper validation or sanitization. This issue can be exploited by an attacker via crafting mailicous HTTP Request leading to Denial Of Service. Note that the following conditions mus...

6.5CVSS7AI score0.01219EPSS

Exploits0References3Affected Software1

Veracode•added 2023/11/29 6:58 a.m.•27 views

Request Smuggling

aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in the init function of clientreqrep.py. This allows an attacker to modify the HTTP request, such as inserting a new header or even creating a new HTTP request if the attacker can control t...

5.3CVSS7AI score0.0094EPSS

Exploits1References6Affected Software1

Veracode•added 2023/11/29 6:11 a.m.•37 views

Request Smuggling

org.apache.tomcat: tomcat-catalina is vulnerable to Request Smuggling. The vulnerability is due to the realReadBytes function in InputBuffer.java because there is no check or validation for the size of the HTTP request data, specifically the HTTP trailer headers. This allows an attacker to add...

7.5CVSS7.1AI score0.02651EPSS

Exploits0References6Affected Software3

IBM Security Bulletins•added 2023/11/29 3:34 a.m.•43 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Eclipse Jetty

Summary Multiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...

5.3CVSS6.3AI score0.01069EPSS

Exploits1Affected Software1

OSV•added 2023/11/28 5:36 p.m.•14 views

GHSA-XWH9-GC39-5298 github.com/go-resty/resty/v2 HTTP request body disclosure

5.9CVSS5.2AI score0.00728EPSS

Exploits1References8

Github Security Blog•added 2023/11/28 5:36 p.m.•18 views

github.com/go-resty/resty/v2 HTTP request body disclosure

5.9CVSS7AI score0.00728EPSS

Exploits1References8Affected Software1

NVD•added 2023/11/28 5:15 p.m.•15 views

CVE-2023-45286

5.9CVSS0.00728EPSS

Exploits1References5

OSV•added 2023/11/28 5:15 p.m.•22 views

CVE-2023-45286

5.9CVSS7AI score

Exploits0References5

Prion•added 2023/11/28 5:15 p.m.•25 views

Race condition

2.6CVSS6.8AI score0.00728EPSS

Exploits1References5Affected Software1

UbuntuCve•added 2023/11/28 5:15 p.m.•22 views

CVE-2023-45286

5.9CVSS6.1AI score0.00728EPSS

Exploits1References5

Debian CVE•added 2023/11/28 4:31 p.m.•33 views

CVE-2023-45286

5.9CVSS5.4AI score0.00728EPSS

Exploits1

Cvelist•added 2023/11/28 4:31 p.m.•51 views

CVE-2023-45286 HTTP request body disclosure in github.com/go-resty/resty/v2

5.8AI score0.00728EPSS

Exploits1References5

Vulnrichment•added 2023/11/28 4:31 p.m.•14 views

CVE-2023-45286 HTTP request body disclosure in github.com/go-resty/resty/v2

6.6AI score0.00728EPSS

Exploits1References5

CVE•added 2023/11/28 4:31 p.m.•1322 views

CVE-2023-45286

CVE-2023-45286 concerns a race condition in the Go HTTP client library go-resty/resty/v2. When request retries are enabled, calling sync.Pool.Put on the same bytes.Buffer more than once may yield a buffer that hasn’t been Reset, causing the HTTP request body from a prior request to be appended to...

5.9CVSS5.9AI score0.00728EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by