
16602 matches found

NVD
added 2023/06/15 10:15 p.m. | 14 views

CVE-2023-23841

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...

CVSS 7.5 | AI score 7.6 | EPSS 0.00455
Exploits: 0 | References: 2

Prion
added 2023/06/15 10:15 p.m. | 32 views

Cross site request forgery (csrf)

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...

CVSS 5 | AI score 7.6 | EPSS 0.00455
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/06/15 12:0 a.m. | 55 views

CVE-2023-23841

SolarWinds Serv-U exposes sensitive information via an HTTP request when updating File Share/File request attributes. Part of the request URL leaks data. Affected product: SolarWinds Serv‑U File Server (versions prior to 15.4 per vendor advisory). CVSSv3.1 base score 7.5 (HIGH) with NETWORK reach...

CVSS 7.5 | AI score 7.4 | EPSS 0.00455
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/06/15 12:0 a.m. | 15 views

CVE-2023-23841 SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...

CVSS 7.5 | AI score 7.4 | EPSS 0.00455
Exploits: 0 | References: 2

Cvelist
added 2023/06/15 12:0 a.m. | 14 views

CVE-2023-23841 SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...

CVSS 7.5 | AI score 7.8 | EPSS 0.00455
Exploits: 0 | References: 2

OpenVAS
added 2023/06/15 12:0 a.m. | 21 views

Caucho Resin 4.0.52 - 4.0.56 Path Traversal Vulnerability - Active Check

Caucho Resin is prone to a path traversal vulnerability. CPE = "cpe:/a:caucho:resin";...

CVSS 7.5 | AI score 7.7 | EPSS 0.14115
Exploits: 1 | References: 1

OpenVAS
added 2023/06/15 12:0 a.m. | 11 views

Caucho Resin Path Traversal Vulnerability (CVE-2001-0399) - Active Check

Caucho Resin is prone to a path traversal vulnerability. CPE = "cpe:/a:caucho:resin";...

CVSS 5 | AI score 6.7 | EPSS 0.0284
Exploits: 1 | References: 1

IBM Security Bulletins
added 2023/06/13 8:57 p.m. | 25 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252).

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to...

CVSS 7.5 | AI score 7.2 | EPSS 0.01448
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/06/13 2:24 p.m. | 29 views

Security Bulletin: OpenPages with Watson has addressed Node.js vulnerability (CVE-2022-32213)

Summary: Node.js is not used by the IBM OpenPages with Watson core product; however, it is used by the installer server and agents components. An HTTP request smuggling vulnerability in Node.js is addressed within OpenPages with Watson. Vulnerability Details: CVEID: CVE-2022-32213. DESCRIPTION: Node.js is...

CVSS 6.5 | AI score 7.2 | EPSS 0.35079
Exploits: 1 | Affected Software: 1

NVD
added 2023/06/13 3:15 a.m. | 14 views

CVE-2023-2827

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...

CVSS 7.9 | AI score 7.8 | EPSS 0.00285
Exploits: 0 | References: 2

Prion
added 2023/06/13 3:15 a.m. | 21 views

Design/Logic Flaw

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...

CVSS 2.7 | AI score 6.6 | EPSS 0.00285
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2023/06/13 2:36 a.m. | 19 views

CVE-2023-2827 Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...

CVSS 7.9 | AI score 8.5 | EPSS 0.00285
Exploits: 0 | References: 2

Tenable Nessus
added 2023/06/13 12:0 a.m. | 38 views

EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2023-2240)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits: 0 | References: 4

Tenable Nessus
added 2023/06/09 12:0 a.m. | 91 views

SolarWinds Serv-U < 15.4 Exposure of Sensitive Information (CVE-2023-23841)

The version of SolarWinds Serv-U installed on the remote host is prior to 15.4. It is, therefore, affected by an exposure of sensitive information vulnerability as referenced in the vendor advisory. - SolarWinds Serv-U submits an HTTP request when changing or updating the File Share or File reque...

CVSS 7.5 | AI score 7.4 | EPSS 0.00455
Exploits: 0 | References: 2

OpenVAS
added 2023/06/09 12:0 a.m. | 45 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2191)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.1 | EPSS 0.8377
Exploits: 5 | References: 2

Tenable Nessus
added 2023/06/09 12:0 a.m. | 33 views

Amazon Linux AMI : squid (ALAS-2023-1766)

The version of squid installed on the remote host is prior to 3.5.20-17.48. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1766 advisory. Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in...

CVSS 7.5 | AI score 6.6 | EPSS 0.06846
Exploits: 0 | References: 6

Tenable Nessus
added 2023/06/09 12:0 a.m. | 49 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2023-2191)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...

CVSS 9.8 | AI score 7 | EPSS 0.8377
Exploits: 5 | References: 3

OpenVAS
added 2023/06/09 12:0 a.m. | 37 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2148)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.2 | EPSS 0.8377
Exploits: 5 | References: 2

Tenable Nessus
added 2023/06/09 12:0 a.m. | 36 views

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2023-2148)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

CVSS 9.8 | AI score 7 | EPSS 0.8377
Exploits: 5 | References: 4

Amazon
added 2023/06/08 12:0 a.m. | 45 views

Important: squid

Issue Overview: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. CVE-2016-10003 An issue was...

CVSS 7.5 | AI score 7.4 | EPSS 0.06846
Exploits: 0