Lucene search
K

16598 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.22 views

Amazon Linux 2 : golang (ALASGOLANG1.19-2023-002)

The version of golang installed on the remote host is prior to 1.19.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GOLANG1.19-2023-002 advisory. An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/mac...

9.1CVSS7.5AI score0.05623EPSS
Exploits5References46
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.44 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-012)

The version of tomcat installed on the remote host is prior to 8.5.51-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-012 advisory. The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References8
OpenVAS
OpenVAS
added 2023/09/27 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-6399-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.00738EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.18 views

Amazon Linux 2 : nginx (ALASNGINX1-2023-004)

The version of nginx installed on the remote host is prior to 1.18.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-004 advisory. NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an...

5.3CVSS6.7AI score0.14961EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.31 views

Ubuntu 23.04 : Puma vulnerability (USN-6399-1)

The remote Ubuntu 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6399-1 advisory. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack...

9.8CVSS6.5AI score0.00738EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.18 views

Amazon Linux 2 : squid (ALASSQUID4-2023-005)

The version of squid installed on the remote host is prior to 4.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2SQUID4-2023-005 advisory. A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smugglin...

8.6CVSS7AI score0.08161EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.40 views

RHEL 8 : nodejs:16 (RHSA-2023:5361)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5361 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8CVSS7AI score0.03906EPSS
Exploits3References21
Veracode
Veracode
added 2023/09/25 11:25 a.m.15 views

Denial Of Service

nocodb is vulnerable to Denial Of Service. The vulnerability is due to Improper Input Validation via the Add new table field which can cause a Denial of Service by sending a specially crafted HTTP request...

6.5CVSS6.8AI score0.00638EPSS
Exploits1References4Affected Software1
Amazon
Amazon
added 2023/09/25 12:0 a.m.7 views

Medium: nginx

Issue Overview: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. CVE-2019-20372 Affected Packages: nginx Note: Th...

5.3CVSS6.8AI score0.14961EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/09/25 12:0 a.m.68 views

Apache Shiro < 1.11.0 Authentication Bypass

Apache Shiro before 1.11.0, when using Apache Shiro with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to An...

7.5CVSS7.3AI score0.01553EPSS
Exploits0References2
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: tomcat

Issue Overview: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat...

9.8CVSS7AI score0.9927EPSS
Exploits45
RedhatCVE
RedhatCVE
added 2023/09/22 8:25 p.m.41 views

CVE-2023-40167

A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...

5.3CVSS5.2AI score0.01069EPSS
Exploits0References5
Veracode
Veracode
added 2023/09/20 9:6 a.m.36 views

HTTP Request Smuggling

Jetty is vulnerable to HTTP Request Smuggling. The vulnerability is due to accepting + character proceeding the content-length in the request. This vulnerability can be exploited by the attacker to possibly conduct request smuggling attacks...

5.3CVSS6.9AI score0.01069EPSS
Exploits0References6Affected Software2
wpexploit
wpexploit
added 2023/09/19 12:0 a.m.193 views

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...

4.8CVSS5AI score0.00402EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/09/19 12:0 a.m.29 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6380-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6380-1 advisory. Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into...

9.8CVSS8.1AI score0.57132EPSS
Exploits6References7
GithubExploit
GithubExploit
added 2023/09/16 7:47 p.m.20 views

Exploit for HTTP Request Smuggling in F5 Nginx

CVE-2019-20372 This repository is for educational purposes o...

5.3CVSS7.1AI score0.14961EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2023/09/15 8:15 p.m.28 views

CVE-2023-40167

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

5.3CVSS6.8AI score0.01069EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/09/14 4:17 p.m.53 views

Jetty accepts "+" prefixed value in Content-Length

Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smugglin...

5.3CVSS6.7AI score0.01069EPSS
Exploits0References6Affected Software1
Hacker One
Hacker One
added 2023/09/14 2:58 p.m.99 views

curl: CVE-2023-38546: cookie injection with none file

Vulnerability description not provided...

3.7CVSS7.6AI score0.06208EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/14 12:0 a.m.38 views

IBM Data Risk Manager 2.0.1 <= 2.0.6.1 Multiple Vulnerabilities (6206875)

The version of IBM Data Risk Manager installed on the remote host is between 2.0.1 and 2.0.6.1. It is, therefore, affected by multiple vulnerabilities: - IBM Data Risk Manager could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a...

10CVSS9AI score0.71363EPSS
Exploits10References5
Rows per page
Query Builder