Lucene search

16601 matches found

OSV
added 2023/07/01 12:15 a.m., 6 views

AZL-27279 CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 6.9 | EPSS 0.03906
Exploits: 1 | References: 1
OSV
added 2023/07/01 12:15 a.m., 3 views

UBUNTU-CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 7 | EPSS 0.03906
Exploits: 1 | References: 4
Prion
added 2023/07/01 12:15 a.m., 25 views

Crlf injection

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 5 | AI score 7.3 | EPSS 0.03906
Exploits: 1 | References: 8 | Affected Software: 2
UbuntuCve
added 2023/07/01 12:15 a.m., 21 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 6.9 | EPSS 0.03906
Exploits: 1 | References: 3
Cvelist
added 2023/06/30 11:39 p.m., 25 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

AI score 7.8 | EPSS 0.03906
Exploits: 1 | References: 9
CVE
added 2023/06/30 11:39 p.m., 555 views

CVE-2023-30589

CVE-2023-30589 – Node.js (llhttp CRLF handling) – Technical summary The llhttp parser in Node.js’ http module does not strictly use CRLF to delimit HTTP header fields, potentially allowing HTTP Request Smuggling. The CR character alone (without LF) can delimit headers, contrary to RFC7230 which r...

CVSS 7.5 | AI score 7.8 | EPSS 0.03906
Exploits: 1 | References: 10 | Affected Software: 1
Debian CVE
added 2023/06/30 11:39 p.m., 31 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 7.5 | EPSS 0.03906
Exploits: 1
AlpineLinux
added 2023/06/30 11:39 p.m., 66 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 7.9 | EPSS 0.03906
Exploits: 1
IBM Security Bulletins
added 2023/06/30 6:31 p.m., 31 views

Security Bulletin: Watson CP4D Data Stores is vulnerable to Golang Go is vulnerable to HTTP request smuggling (CVE-2022-1705)

Summary Potential Golang Go HTTP request smuggling vulnerability CVE-2022-1705 has been identified that may affect Watson CP4D Data Stores Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused ...

CVSS 6.5 | AI score 7 | EPSS 0.01113
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/06/29 6:23 p.m., 46 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, cause...

CVSS 9.8 | AI score 10 | EPSS 0.99931
Exploits: 162 | Affected Software: 1
Tenable Nessus
added 2023/06/29 12:00 a.m., 16 views

Schneider Electric Modicon Improper Input Validation (CVE-2018-7761)

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

CVSS 9.8 | AI score 8.9 | EPSS 0.02138
Exploits: 0 | References: 2
Tenable Nessus
added 2023/06/29 12:00 a.m., 23 views

Schneider Electric Modicon Improper Input Validation (CVE-2021-22787)

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...

CVSS 7.5 | AI score 7.4 | EPSS 0.01012
Exploits: 0 | References: 2
Tenable Nessus
added 2023/06/29 12:00 a.m., 24 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:2669-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2669-1 advisory. Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. ...

CVSS 7.5 | AI score 6.8 | EPSS 0.03906
Exploits: 2 | References: 32
IBM Security Bulletins
added 2023/06/28 8:50 p.m., 30 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Netty

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Netty. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted...

CVSS 7.5 | AI score 7.1 | EPSS 0.02682
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/06/28 8:36 p.m., 32 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Golang Go (CVE-2022-41721)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Golang Go, caused by a flaw when using MaxBytesHandler CVE-2022-41721. Golang Go is included as part of the operators used by our speech services. This vulnerability has been...

CVSS 7.5 | AI score 7.1 | EPSS 0.01814
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2023/06/28 12:00 a.m., 63 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:2655-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2655-1 advisory. Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. -...

CVSS 7.5 | AI score 6.8 | EPSS 0.03906
Exploits: 1 | References: 29
Tenable Nessus
added 2023/06/28 12:00 a.m., 26 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:2663-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2663-1 advisory. Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. ...

CVSS 7.5 | AI score 6.8 | EPSS 0.03906
Exploits: 1 | References: 29
OSV
added 2023/06/27 6:27 p.m., 7 views

SUSE-SU-2023:2663-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...

CVSS 7.5 | AI score 6.6 | EPSS 0.03906
Exploits: 1 | References: 20
Tenable Nessus
added 2023/06/26 12:00 a.m., 59 views

FortiNAC - External Control of File Name or Path in keyUpload scriptlet (FG-IR-22-300)

The version of Fortinet FortiNAC installed on the remote host is 8.3.x, 8.5.x, 8.6.x, 8.7.x, 8.8.x, 9.1.x prior to 9.1.8, 9.2.x prior to 9.2.6, or 9.4.x prior to 9.4.1. It is, therefore, affected by an external control of file name or path security issue. An unauthenticated, remote attacker can...

CVSS 9.8 | AI score 8.7 | EPSS 0.99815
Exploits: 7 | References: 2
NVD
added 2023/06/23 12:15 p.m., 15 views

CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...

CVSS 9.8 | AI score 9.9 | EPSS 0.9425
Exploits: 15 | References: 4