16599 matches found

Tenable Nessus
added 2023/08/08 12:0 a.m. (28 views)

RHEL 8 : nodejs:16 (RHSA-2023:4537)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4537 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.03906
Exploits 1 | References 13
OSV
added 2023/08/08 12:0 a.m. (46 views)

ALSA-2023:4536 Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18.16.1. BZ2223630, BZ2223631, BZ2223632, BZ2223633, BZ2223635, BZ2223642 Security Fixes: nodejs...

CVSS 7.5 | AI score 7.1 | EPSS 0.03906
Exploits 1 | References 10
Tenable Nessus
added 2023/08/08 12:0 a.m. (34 views)

CentOS 8 : nodejs:16 (CESA-2023:4537)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:4537 advisory. - The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This...

CVSS 7.5 | AI score 6.8 | EPSS 0.03906
Exploits 1 | References 5
Tenable Nessus
added 2023/08/08 12:0 a.m. (38 views)

CentOS 8 : nodejs:18 (CESA-2023:4536)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4536 advisory. - The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This...

CVSS 7.5 | AI score 6.8 | EPSS 0.03906
Exploits 1 | References 5
Veracode
added 2023/08/07 10:2 a.m. (11 views)

HTTP Request Smuggling

protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the read function of chunked.rb due to improper HTTP/1 implementation based on the RFC spec, such as allowing Content-Length header values with a + or 0x prefix, which can lead to HTTP request smuggling and firewa...

CVSS 5.8 | AI score 6.8 | EPSS 0.00637
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2023/08/07 12:0 a.m. (40 views)

AlmaLinux 8 : ruby:2.7 (ALSA-2021:2584)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613); ruby: XML round-trip vulnerability in REXML (CVE-2021-28965). Tenable has extracted the...

CVSS 7.5 | AI score 7.3 | EPSS 0.05061
Exploits 0 | References 4
Tenable Nessus
added 2023/08/07 12:0 a.m. (24 views)

Fedora 38 : llhttp / python-aiohttp (2023-f75af676f2)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f75af676f2 advisory. Update llhttp to 8.1.1 and python-aiohttp to 3.8.5. Fixes CVE-2023-30589. Tenable has extracted the preceding description block directly from the Fedora...

CVSS 7.5 | AI score 7.6 | EPSS 0.03906
Exploits 1 | References 2
RedhatCVE
added 2023/08/05 3:48 p.m. (50 views)

CVE-2023-38697

A flaw was found in the protocol-http1 rubygem package. The protocol-http1 provides a low-level implementation of the HTTP/1 protocol. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing...

CVSS 5.3 | AI score 6.3 | EPSS 0.00637
Exploits 0 | References 4
Cvelist
added 2023/08/04 8:51 p.m. (45 views)

CVE-2020-26065

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

CVSS 6.5 | AI score 6.3 | EPSS 0.01705
Exploits 0 | References 1
CVE
added 2023/08/04 8:51 p.m. (73 views)

CVE-2020-26065

CVE-2020-26065 affects Cisco SD-WAN vManage Web UI. The issue is path traversal caused by insufficient validation of HTTP requests, allowing an authenticated, remote attacker to read arbitrary files. Exploitation requires sending crafted HTTP requests containing directory traversal sequences. Cis...

CVSS 6.5 | AI score 6.2 | EPSS 0.01705
Exploits 0 | References 1 | Affected Software 1
NVD
added 2023/08/04 6:15 p.m. (15 views)

CVE-2023-38697

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVSS 5.8 | AI score 5.7 | EPSS 0.00637
Exploits 0 | References 4
Prion
added 2023/08/04 6:15 p.m. (15 views)

Design/Logic Flaw

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVSS 5 | AI score 4.9 | EPSS 0.00637
Exploits 0 | References 4 | Affected Software 1
UbuntuCve
added 2023/08/04 6:15 p.m. (20 views)

CVE-2023-38697

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVSS 5.8 | AI score 6.1 | EPSS 0.00637
Exploits 0 | References 6
CVE
added 2023/08/04 5:32 p.m. (84 views)

CVE-2023-38697

The CVE-2023-38697 entry concerns protocol-http1 (HTTP/1) parsing: Falcon’s RFC-compliant checks on Content-Length and chunk size can be bypassed by accepting +, 0x prefixes, and LF in chunk extensions, causing desynchronization across HTTP parsers and enabling HTTP request smuggling or firewall ...

CVSS 5.8 | AI score 5 | EPSS 0.00637
Exploits 0 | References 4 | Affected Software 1
OSV
added 2023/08/04 5:32 p.m. (26 views)

CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVSS 5.8 | AI score 5.4 | EPSS 0.00637
Exploits 0 | References 6
Debian CVE
added 2023/08/04 5:32 p.m. (13 views)

CVE-2023-38697

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVSS 5.8 | AI score 5.1 | EPSS 0.00637
Exploits 0
NVD
added 2023/08/04 12:15 p.m. (26 views)

CVE-2023-34037

VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

CVSS 5.3 | AI score 5.2 | EPSS 0.00395
Exploits 0 | References 1
Prion
added 2023/08/04 12:15 p.m. (44 views)

Design/Logic Flaw

VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

CVSS 5 | AI score 5.1 | EPSS 0.00395
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/08/04 11:18 a.m. (32 views)

CVE-2023-34037

VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

CVSS 5.3 | AI score 5.5 | EPSS 0.00395
Exploits 0 | References 1
Vulnrichment
added 2023/08/04 11:18 a.m. (19 views)

CVE-2023-34037

VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

CVSS 5.3 | AI score 6.8 | EPSS 0.00395
Exploits 0 | References 1