CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...
CVE-2023-41265
CVE-2023-41265 affects Qlik Sense Enterprise for Windows. The issue is an HTTP Request Smuggling vulnerability caused by tunneling HTTP requests in the raw HTTP traffic, enabling a remote attacker to escalate privileges by crafting requests that execute on the backend repository server. Affected ...
CVE-2023-1997
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...
Command injection
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...
CVE-2023-1997 OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...
SUSE-SU-2023:3455-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule (bsc#1208481). - CVE-2023-32002: Fixed permissions policies bypass via Module.load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using...
PT-2023-17399 · Dassault Systèmes · Simulia 3Dorchestrate
Name of the Vulnerable Software and Affected Versions: SIMULIA 3DOrchestrate versions 3DEXPERIENCE R2021x through 3DEXPERIENCE R2023x Description: An OS Command Injection issue exists, allowing arbitrary command execution through a specially crafted HTTP request. Recommendations: For SIMULIA...
Pouch has a container escape vulnerability
Pouch is a lightweight container technology that helps Ali deliver internal business faster while improving the utilization of physical resources in hyperscale data centers. Pouch has a container escape vulnerability that can be exploited by an attacker to write arbitrary files on the container's...
CVE-2023-30437
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...
Design/Logic Flaw
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...
CVE-2023-30437 IBM Security Guardium information disclosure
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...
SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:3408-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3408-1 advisory. - CVE-2023-32002: Fixed permissions policies bypass via Module.load (bsc#1214150). - CVE-2023-32006: Fixed permissions...
SUSE-SU-2023:3408-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module.load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass vi...
HTTP Request Smuggling
HAProxy is vulnerable to HTTP Request Smuggling. This vulnerability exists in the HTTP/1 server, which interprets a payload as an extra request due to empty Content-Length headers being forwarded. This allows an attacker to inject malicious payloads into the system...
Amazon Linux 2 : tomcat (ALAS-2023-2216)
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2216 advisory. A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some...
CVE-2023-40175
An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...
HTTP Request Smuggling
Puma is vulnerable to HTTP Request Smuggling. The vulnerability exists due to processing zero-length Content-Length headers and chunked transfer encoding bodies in client.rb, allowing an attacker to smuggle HTTP requests...