16602 matches found
CVE-2023-23841
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...
Cross-site request forgery (CSRF)
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...
CVE-2023-23841
SolarWinds Serv-U exposes sensitive information via an HTTP request when updating File Share/File request attributes. Part of the request URL leaks data. Affected product: SolarWinds Serv‑U File Server (versions prior to 15.4 per vendor advisory). CVSSv3.1 base score 7.5 (HIGH) with NETWORK reach...
CVE-2023-23841 SolarWinds Serv-U Exposure of Sensitive Information Vulnerability
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...
CVE-2023-23841 SolarWinds Serv-U Exposure of Sensitive Information Vulnerability
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...
Caucho Resin 4.0.52 - 4.0.56 Path Traversal Vulnerability - Active Check
Caucho Resin is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:caucho:resin";...
Caucho Resin Path Traversal Vulnerability (CVE-2001-0399) - Active Check
Caucho Resin is prone to a path traversal vulnerability. CPE = "cpe:/a:caucho:resin";...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to...
Security Bulletin: OpenPages with Watson has addressed Node.js vulnerability (CVE-2022-32213)
Summary Node.js is not used by IBM OpenPages with Watson core product however it is used by the installer server and agents components. A HTTP request smuggling vulnerability in Node.js is addressed within OpenPages with Watson. Vulnerability Details CVEID:CVE-2022-32213 DESCRIPTION: Node.js is...
CVE-2023-2827
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...
Design/Logic Flaw
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...
CVE-2023-2827 Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...
EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2023-2240)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...
SolarWinds Serv-U < 15.4 Exposure of Sensitive Information (CVE-2023-23841)
The version of SolarWinds Serv-U installed on the remote host is prior to 15.4. It is, therefore, affected by an exposure of sensitive information vulnerability as referenced in the vendor advisory. - SolarWinds Serv-U submits an HTTP request when changing or updating the File Share or File reque...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2191)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux AMI : squid (ALAS-2023-1766)
The version of squid installed on the remote host is prior to 3.5.20-17.48. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1766 advisory. Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2023-2191)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2148)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2023-2148)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...
Important: squid
Issue Overview: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. CVE-2016-10003 An issue was...