
16598 matches found

ATTACKERKB
added 2023/08/29 12:0 a.m. | 30 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVSS 9.9 | AI score 9.3 | EPSS 0.84967
In wild | Exploits 0 | References 5
Vulnrichment
added 2023/08/29 12:0 a.m. | 25 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVSS 9.6 | AI score 6.8 | EPSS 0.84967
Exploits 0 | References 2
CVE
added 2023/08/29 12:0 a.m. | 335 views

CVE-2023-41265

CVE-2023-41265 affects Qlik Sense Enterprise for Windows. The issue is an HTTP Request Smuggling vulnerability caused by tunneling HTTP requests in the raw HTTP traffic, enabling a remote attacker to escalate privileges by crafting requests that execute on the backend repository server. Affected ...

CVSS 9.9 | AI score 9.2 | EPSS 0.84967
In wild | Exploits 0 | References 3 | Affected Software 1
NVD
added 2023/08/28 4:15 p.m. | 23 views

CVE-2023-1997

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...

CVSS 8.8 | AI score 9.1 | EPSS 0.01724
Exploits 0 | References 1
Prion
added 2023/08/28 4:15 p.m. | 27 views

Command injection

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...

CVSS 6.5 | AI score 9 | EPSS 0.01724
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/08/28 3:37 p.m. | 25 views

CVE-2023-1997 OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...

CVSS 8.8 | AI score 9.2 | EPSS 0.01724
Exploits 0 | References 1
Vulnrichment
added 2023/08/28 3:37 p.m. | 16 views

CVE-2023-1997 OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...

CVSS 8.8 | AI score 7.6 | EPSS 0.01724
Exploits 0 | References 1
OSV
added 2023/08/28 12:12 p.m. | 7 views

SUSE-SU-2023:3455-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using...

CVSS 9.8 | AI score 7.9 | EPSS 0.03906
Exploits 2 | References 15
Positive Technologies
added 2023/08/28 12:0 a.m. | 6 views

PT-2023-17399 · Dassault Systèmes · Simulia 3Dorchestrate

Name of the Vulnerable Software and Affected Versions: SIMULIA 3DOrchestrate versions 3DEXPERIENCE R2021x through 3DEXPERIENCE R2023x Description: An OS Command Injection issue exists, allowing arbitrary command execution through a specially crafted HTTP request. Recommendations: For SIMULIA...

CVSS 8.8 | AI score 9 | EPSS 0.01724
Exploits 0 | References 7
CNVD
added 2023/08/28 12:0 a.m. | 8 views

Pouch has a container escape vulnerability

Pouch is a lightweight container technology that helps Ali deliver internal business faster while improving the utilization of physical resources in hyperscale data centers. Pouch has a container escape vulnerability that can be exploited by an attacker to write arbitrary files on the container's...

AI score 6.9
Exploits 0
NVD
added 2023/08/27 11:15 p.m. | 11 views

CVE-2023-30437

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...

CVSS 5.3 | AI score 5.5 | EPSS 0.00522
Exploits 0 | References 2
Prion
added 2023/08/27 11:15 p.m. | 24 views

Design/Logic Flaw

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...

CVSS 5 | AI score 5.1 | EPSS 0.00522
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/08/27 10:24 p.m. | 15 views

CVE-2023-30437 IBM Security Guardium information disclosure

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...

CVSS 5.3 | AI score 5.2 | EPSS 0.00522
Exploits 0 | References 2
Vulnrichment
added 2023/08/27 10:24 p.m. | 11 views

CVE-2023-30437 IBM Security Guardium information disclosure

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293...

CVSS 5.3 | AI score 6.3 | EPSS 0.00522
Exploits 0 | References 2
Tenable Nessus
added 2023/08/24 12:0 a.m. | 34 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:3408-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3408-1 advisory. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions...

CVSS 9.8 | AI score 6.8 | EPSS 0.03906
Exploits 2 | References 19
OSV
added 2023/08/23 6:11 p.m. | 10 views

SUSE-SU-2023:3408-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed permissions policies bypass vi...

CVSS 9.8 | AI score 7.8 | EPSS 0.03906
Exploits 2 | References 13
Veracode
added 2023/08/23 12:33 p.m. | 32 views

HTTP Request Smuggling

Haproxy is vulnerable to HTTP Request Smuggling. This vulnerability exists in the HTTP/1 server, which interprets a payload as an extra request due to empty Content-Length headers being forwarded. This allows an attacker to inject malicious payloads into the system...

CVSS 7.2 | AI score 7.3 | EPSS 0.01815
Exploits 1 | References 7 | Affected Software 1
Tenable Nessus
added 2023/08/23 12:0 a.m. | 39 views

Amazon Linux 2 : tomcat (ALAS-2023-2216)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2216 advisory. A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some...

CVSS 5.8 | AI score 7.4 | EPSS 0.09386
Exploits 0 | References 4
RedhatCVE
added 2023/08/22 5:50 p.m. | 124 views

CVE-2023-40175

An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...

CVSS 7.3 | AI score 8.9 | EPSS 0.00738
Exploits 0 | References 4
Veracode
added 2023/08/22 2:17 p.m. | 55 views

HTTP Request Smuggling

puma is vulnerable to HTTP Request Smuggling. The vulnerability exists due to processing zero-length content-Length headers and chunked transfer encoding bodies in client.rb, allowing an attacker to smuggle HTTP requests...

CVSS 9.8 | AI score 6.8 | EPSS 0.00738
Exploits 0 | References 7 | Affected Software 1