Lucene search
K

16600 matches found

CVE
CVE
added 2023/07/18 12:0 a.m.48 views

CVE-2023-38434

The CVE-2023-38434 issue affects the xHTTP server library (xhttp.c) where a double-free occurs in close_connection when handling a malformed HTTP request method. Root cause: freeing conn->request.public.headers.list twice. Impact: potential crash/denial of service (availability). A publicly do...

7.5CVSS7.6AI score0.009EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/07/18 12:0 a.m.28 views

CVE-2023-38434

xHTTP 72f812d has a double free in closeconnection in xhttp.c via a malformed HTTP request method...

7.8AI score0.009EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/07/18 12:0 a.m.13 views

CVE-2023-38434

xHTTP 72f812d has a double free in closeconnection in xhttp.c via a malformed HTTP request method...

7AI score0.009EPSS
Exploits2References1
GitLab Advisory Database
GitLab Advisory Database
added 2023/07/18 12:0 a.m.50 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

8.8CVSS8.2AI score0.05354EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.38 views

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2023:2861-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2861-1 advisory. Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. -...

7.5CVSS6.8AI score0.03906EPSS
Exploits1References29
Veracode
Veracode
added 2023/07/17 9:10 a.m.28 views

XML External Entity (XXE) Attacks

External Monitor Job Type Plugin is vulnerable to XML External Entity XXE Attacks. The vulnerability exists because it does not properly configure the XML parser which allows an attacker with Item/Build permission to parse a crafted HTTP request with XML data, resulting in external entity XXE...

6.5CVSS6.6AI score0.00507EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.29 views

Jenkins External Monitor Job Type Plugin XML external entity vulnerability

Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Build permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extracti...

6.5CVSS6.6AI score0.00507EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/12 6:30 p.m.19 views

GHSA-G4C3-4F3V-84X8 Jenkins External Monitor Job Type Plugin XML external entity vulnerability

Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Build permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extracti...

6.5CVSS6.3AI score0.00507EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-5832 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: The vulnerability is related to a heap-based buffer overflow in the HTTP request processing referer of D-Link DIR-3040 routers. This issue allows network-adjacent attackers to execu...

8.8CVSS9AI score0.00846EPSS
Exploits0References8
Prion
Prion
added 2023/07/11 3:15 a.m.21 views

Design/Logic Flaw

SAP Solution Manager Diagnostics agent - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can...

6.4CVSS7AI score0.00536EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2023/07/11 12:0 a.m.193 views

Ateme TITAN File 3.9 - SSRF File Enumeration Vulnerability

Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/11 12:0 a.m.342 views

Spring Cloud 3.2.2 - Remote Command Execution Exploit

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8CVSS7.1AI score0.99939EPSS
Exploits36
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.213 views

Ateme TITAN File 3.9 - SSRF File Enumeration

Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2023/07/10 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2023-0226)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.7CVSS6.8AI score0.03906EPSS
Exploits1References5
OSV
OSV
added 2023/07/06 3:15 p.m.3 views

CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS6.3AI score0.01318EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.13 views

CVE-2023-25118

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.6AI score0.01318EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.14 views

CVE-2023-25119

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.23 views

CVE-2023-25124

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01405EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.13 views

CVE-2023-25120

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.18 views

CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References2
Rows per page
Query Builder