16599 matches found

Veracode
added 2023/08/16 12:7 a.m., 15 views

HTTP Request Smuggling

tornado is vulnerable to HTTP Request Smuggling. Tornado deviates from HTTP RFCs by interpreting the characters -, +, and in chunk length and Content-Length values. When used behind proxies that interpret non-standard characters differently, this can lead to request smuggling...

AI score: 6.9
Exploits: 0
CNVD
added 2023/08/16 12:0 a.m., 17 views

Zyxel NBG6604 Command Injection Vulnerability (CNVD-2023-64085)

The Zyxel NBG6604 is a dual-band wireless router from China's Hopkins Zyxel. The Zyxel NBG6604 V1.01ABIR.1C0 suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the NTP function. An attacker can...

CVSS: 8.8, AI score: 7.7, EPSS: 0.0143
Exploits: 0, References: 1
Tenable Nessus
added 2023/08/15 12:0 a.m., 34 views

Oracle Linux 8 : nodejs:16 (ELSA-2023-4537)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4537 advisory. - Rebase to 16.20.1 Resolves: rhbz2188289 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Tenable has extracted the preceding...

CVSS: 7.5, AI score: 6.8, EPSS: 0.03906
Exploits: 1, References: 5
OSV
added 2023/08/14 10:15 p.m., 11 views

CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...

CVSS: 7.5, AI score: 7.2
Exploits: 0, References: 2
Prion
added 2023/08/14 10:15 p.m., 27 views

Design/Logic Flaw

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...

CVSS: 5, AI score: 7.6, EPSS: 0.00545
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/08/14 5:15 p.m., 18 views

Command injection

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

CVSS: 6.5, AI score: 8.8, EPSS: 0.0143
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/08/14 4:16 p.m., 9 views

CVE-2023-33013

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

CVSS: 8.8, AI score: 7.7, EPSS: 0.0143
Exploits: 0, References: 1
Cvelist
added 2023/08/14 4:16 p.m., 23 views

CVE-2023-33013

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

CVSS: 8.8, AI score: 9, EPSS: 0.0143
Exploits: 0, References: 1
OSV
added 2023/08/14 8:19 a.m., 10 views

SUSE-SU-2023:3306-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed permissions policies bypass vi...

CVSS: 9.8, AI score: 7.8, EPSS: 0.03906
Exploits: 2, References: 13
Cvelist
added 2023/08/14 12:0 a.m., 24 views

CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...

AI score: 7.8, EPSS: 0.00545
Exploits: 0, References: 2
Vulnrichment
added 2023/08/14 12:0 a.m., 11 views

CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...

AI score: 6.9, EPSS: 0.00545
Exploits: 0, References: 2
BDU FSTEC
added 2023/08/11 12:0 a.m., 9 views

The vulnerability of the VMware Horizon Server virtualization server, related to improper checking of HTTP requests, allows an attacker to compromise the integrity of protected information.

The vulnerability of the VMware Horizon Server virtualization server lies in improper handling of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00395
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2023/08/10 12:0 a.m., 53 views

VMware Horizon Server < 2111.2 / < 2209.1 / < 2212.1 / < 2306 Multiple Vulnerabilities (VMSA-2023-0017)

The version of VMware Horizon Server installed on the remote Windows host is prior to 2111.2, 2206 or 2209 prior to 2209.1, 2212 prior to 2212.1 or 2302. It is, therefore, affected by multiple vulnerabilities: - An HTTP request smuggling vulnerability whereby malicious actor with network access ma...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00409
Exploits: 0, References: 3
Cvelist
added 2023/08/09 6:58 a.m., 31 views

CVE-2023-33934 Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1...

AI score: 9.4, EPSS: 0.01087
Exploits: 0, References: 4
Tenable Nessus
added 2023/08/09 12:0 a.m., 29 views

AlmaLinux 8 : nodejs:16 (ALSA-2023:4537)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4537 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x509...

CVSS: 7.5, AI score: 6.9, EPSS: 0.03906
Exploits: 1, References: 5
Tenable Nessus
added 2023/08/09 12:0 a.m., 43 views

AlmaLinux 8 : nodejs:18 (ALSA-2023:4536)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4536 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x509...

CVSS: 7.5, AI score: 6.9, EPSS: 0.03906
Exploits: 1, References: 5
Rockylinux
added 2023/08/08 12:34 p.m., 41 views

nodejs:16 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

CVSS: 7.5, AI score: 6.8, EPSS: 0.03906
Exploits: 1
RedHat Linux
added 2023/08/08 8:46 a.m., 65 views

Moderate: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5, AI score: 6.6, EPSS: 0.03906
Exploits: 1, References: 7
AlmaLinux
added 2023/08/08 12:0 a.m., 69 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18.16.1. BZ2223630, BZ2223631, BZ2223632, BZ2223633, BZ2223635, BZ2223642 Security Fixes: nodejs...

CVSS: 7.5, AI score: 7.6, EPSS: 0.03906
Exploits: 1, References: 10
Tenable Nessus
added 2023/08/08 12:0 a.m., 31 views

Rocky Linux 8 : nodejs:16 (RLSA-2023:4537)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4537 advisory. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request...

CVSS: 7.5, AI score: 6.9, EPSS: 0.03906
Exploits: 1, References: 11