Lucene search

16600 matches found

Rosalinux
added 2023/08/01 12:58 p.m. | 39 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

9.8 CVSS | 7.8 AI score | 0.23293 EPSS
Exploits: 6

IBM Security Bulletins
added 2023/08/01 9:43 a.m. | 60 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js

Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....

7.5 CVSS | 8.1 AI score | 0.03906 EPSS
Exploits: 1 | Affected Software: 1

Packet Storm
added 2023/08/01 12:0 a.m. | 283 views

Eramba 3.19.1 Remote Command Execution

Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...

7.1 AI score | 0.57359 EPSS
Exploits: 6

OpenVAS
added 2023/08/01 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2502)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.1 AI score | 0.8377 EPSS
Exploits: 5 | References: 2

RedHat Linux
added 2023/07/31 9:37 a.m. | 43 views

Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.6 AI score | 0.03906 EPSS
Exploits: 1 | References: 6

RedHat Linux
added 2023/07/31 9:36 a.m. | 3 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

7.5 CVSS | 7.1 AI score | 0.03906 EPSS
Exploits: 1 | References: 4

AlmaLinux
added 2023/07/31 12:0 a.m. | 58 views

Moderate: nodejs security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223334, BZ2223336, BZ2223338, BZ2223340, BZ2223342, BZ2223344 Security Fixes: nodejs...

7.5 CVSS | 7.6 AI score | 0.03906 EPSS
Exploits: 1 | References: 10

AlmaLinux
added 2023/07/31 12:0 a.m. | 71 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18. BZ2223314, BZ2223316, BZ2223318, BZ2223319, BZ2223320, BZ2223354 Security Fixes: nodejs:...

7.5 CVSS | 7.6 AI score | 0.03906 EPSS
Exploits: 1 | References: 10

Tenable Nessus
added 2023/07/31 12:0 a.m. | 29 views

RHEL 9 : nodejs (RHSA-2023:4331)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4331 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5 CVSS | 6.9 AI score | 0.03906 EPSS
Exploits: 1 | References: 13

Packet Storm
added 2023/07/31 12:0 a.m. | 308 views

Rudder Server SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...

8.8 CVSS | 7.1 AI score | 0.85825 EPSS
Exploits: 4

Tenable Nessus
added 2023/07/31 12:0 a.m. | 24 views

RHEL 9 : nodejs:18 (RHSA-2023:4330)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4330 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5 CVSS | 6.9 AI score | 0.03906 EPSS
Exploits: 1 | References: 12

OpenVAS
added 2023/07/31 12:0 a.m. | 44 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.1 AI score | 0.8377 EPSS
Exploits: 5 | References: 2

RedhatCVE
added 2023/07/28 5:49 a.m. | 19 views

CVE-2023-38285

A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could...

7.5 CVSS | 6 AI score | 0.00771 EPSS
Exploits: 0 | References: 4

Exploit DB
added 2023/07/28 12:0 a.m. | 331 views

Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)

Exploit Title: Availability Booking Calendar v1.0 - Multiple Cross-site scripting XSS Date: 07/2023 Exploit Author: Andrey Stoykov Tested on: Ubuntu 20.04 Blog: http://msecureltd.blogspot.com XSS 1: Steps to Reproduce: 1. Browse to Bookings 2. Select All Bookings 3. Edit booking and select Promo...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2023/07/28 12:0 a.m. | 58 views

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2023-2462)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

9.8 CVSS | 7 AI score | 0.8377 EPSS
Exploits: 5 | References: 3

Tenable Nessus
added 2023/07/26 12:0 a.m. | 42 views

EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2023-2425)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

9.8 CVSS | 7 AI score | 0.8377 EPSS
Exploits: 5 | References: 4

Prion
added 2023/07/25 8:15 p.m. | 25 views

Design/Logic Flaw

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...

5 CVSS | 7.6 AI score | 0.00683 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Tenable Nessus
added 2023/07/25 12:0 a.m. | 27 views

Cisco NX-OS Software NX-API Denial of Service (CVE-2020-3170)

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could...

5.3 CVSS | 5.8 AI score | 0.01449 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2023/07/24 6:12 a.m. | 27 views

CVE-2023-37788

A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk ""...

7.5 CVSS | 6.9 AI score | 0.00841 EPSS
Exploits: 1 | References: 6

Veracode
added 2023/07/23 4:52 a.m. | 30 views

HTTP Request Smuggling (HRS)

llhttp is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists because the http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting Line feed LF characters without a Carriage Return CR...

7.5 CVSS | 6.8 AI score | 0.03906 EPSS
Exploits: 1 | References: 11 | Affected Software: 3