16606 matches found

OpenVAS
added 2023/06/09 12:0 a.m., 45 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2191)

The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)

CVSS 9.8, AI score 9.1, EPSS 0.8377
Exploits: 5, References: 2

Tenable Nessus
added 2023/06/09 12:0 a.m., 36 views

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2023-2148)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

CVSS 9.8, AI score 7, EPSS 0.8377
Exploits: 5, References: 4

Amazon
added 2023/06/08 12:0 a.m., 45 views

Important: squid

Issue Overview: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. CVE-2016-10003 An issue was...

CVSS 7.5, AI score 7.4, EPSS 0.06846
Exploits: 0

Github Security Blog
added 2023/06/07 4:5 p.m., 26 views

SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression

SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...

CVSS 7.5, AI score 7, EPSS 0.00732
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2023/06/07 3:52 p.m., 20 views

GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5, AI score 7.6, EPSS 0.00549
Exploits: 0, References: 8

Github Security Blog
added 2023/06/07 3:52 p.m., 27 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5, AI score 7.3, EPSS 0.00549
Exploits: 0, References: 8, Affected Software: 1

Huntr
added 2023/06/07 1:13 p.m., 45 views

Unauthenticated Blind SSRF

Description: The Oxeye research team found Owncast vulnerable to an Unauthenticated Blind SSRF vulnerability. This vulnerability may allow an unauthenticated attacker to force the Owncast server to send HTTP requests to arbitrary locations using the GET HTTP method. This vulnerability also allows...

CVSS 6.4, AI score 7.5, EPSS 0.01356
Exploits: 1

Hacker One
added 2023/06/07 8:5 a.m., 16 views

Mozilla: Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports

Vulnerability description not provided...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/06/07 12:0 a.m., 44 views

EulerOS Virtualization 2.11.0 : httpd (EulerOS-SA-2023-2123)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

CVSS 9.8, AI score 7.5, EPSS 0.8377
Exploits: 5, References: 7

GitLab Advisory Database
added 2023/06/07 12:0 a.m., 16 views

SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression

SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...

CVSS 7.5, AI score 7, EPSS 0.00732
Exploits: 0, References: 6, Affected Software: 1

GitLab Advisory Database
added 2023/06/07 12:0 a.m., 15 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5, AI score 7, EPSS 0.00549
Exploits: 0, References: 9, Affected Software: 1

OpenVAS
added 2023/06/07 12:0 a.m., 34 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2123)

The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)

CVSS 9.8, AI score 8.2, EPSS 0.8377
Exploits: 5, References: 2

OpenVAS
added 2023/06/07 12:0 a.m., 34 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2071)

The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)

CVSS 9.8, AI score 8.2, EPSS 0.8377
Exploits: 5, References: 2

Tenable Nessus
added 2023/06/06 12:0 a.m., 34 views

Amazon Linux AMI : squid (ALAS-2023-1757)

The version of squid installed on the remote host is prior to 3.5.20-17.46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1757 advisory. An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTT...

CVSS 9.1, AI score 7, EPSS 0.0918
Exploits: 0, References: 6

RedHat Linux
added 2023/06/05 12:30 p.m., 6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

CVSS 9.8, AI score 6.6, EPSS 0.8377
Exploits: 5, References: 5

NVD
added 2023/06/05 12:15 p.m., 26 views

CVE-2023-27989

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00ABUV.8C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 6.5, AI score 6.4, EPSS 0.01016
Exploits: 0, References: 1

Prion
added 2023/06/05 12:15 p.m., 20 views

Buffer overflow

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00ABUV.8C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 4, AI score 6.4, EPSS 0.01016
Exploits: 0, References: 1, Affected Software: 4

Cvelist
added 2023/06/05 11:2 a.m., 34 views

CVE-2023-27989

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00ABUV.8C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 6.5, AI score 6.6, EPSS 0.01016
Exploits: 0, References: 1

Tenable Nessus
added 2023/06/05 12:0 a.m., 51 views

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 (RHSA-2023:3354)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3354 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

CVSS 9.8, AI score 7.6, EPSS 0.8377
Exploits: 11, References: 30

OSV
added 2023/06/02 2:15 p.m., 12 views

CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

CVSS 9.8, AI score 9.4
Exploits: 0, References: 6