
16603 matches found

Prion
added 2023/05/08 9:15 p.m. | 39 views

Cross site scripting

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...

CVSS 4 | AI score 6.4 | EPSS 0.01327
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2023/05/08 8:21 p.m. | 23 views

CVE-2023-31125 Uncaught exception in engine.io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...

CVSS 6.5 | AI score 6.7 | EPSS 0.01327
Exploits 0 | References 4
OSV
added 2023/05/08 8:21 p.m. | 22 views

CVE-2023-31125 Uncaught exception in engine.io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...

CVSS 6.5 | AI score 6.5 | EPSS 0.01327
Exploits 0 | References 6
Tenable Nessus
added 2023/05/08 12:0 a.m. | 43 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-1758)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits 0 | References 4
Tenable Nessus
added 2023/05/08 12:0 a.m. | 29 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-1780)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits 0 | References 4
OpenVAS
added 2023/05/08 12:0 a.m. | 38 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1737)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.5 | EPSS 0.90407
Exploits 1 | References 2
Tenable Nessus
added 2023/05/07 12:0 a.m. | 41 views

EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2023-1737)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...

CVSS 9.8 | AI score 7.8 | EPSS 0.90407
Exploits 1 | References 10
Veracode
added 2023/05/04 8:47 a.m. | 8 views

HTTP Request Smuggling

github.com/ory/oathkeeper is vulnerable to HTTP Request Smuggling. The vulnerability exists because the header set by the mutator can be dropped if the header's name is in the Connection header, which results in the downstream server not receiving the X-Subject header...

AI score 6.9
Exploits 0
Github Security Blog
added 2023/05/03 9:56 p.m. | 35 views

engine.io Uncaught Exception vulnerability

Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. TypeError: Cannot read properties of undefined reading 'handlesUpgrades' at Server.onWebSocket build/server.js:515:67 This impacts all the users of the engine.io...

CVSS 6.5 | AI score 6.4 | EPSS 0.01327
Exploits 0 | References 6 | Affected Software 1
IBM Security Bulletins
added 2023/05/03 4:27 p.m. | 63 views

Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)

Summary A vulnerability in libwww-perl could allow an attacker to poison web caches, bypass web application firewall protection, and conduct XSS attacks CVE-2022-31081. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2022-31081 DESCRIPTION: Libwww is vulnerab...

CVSS 7.3 | AI score 6.6 | EPSS 0.02108
Exploits 1 | Affected Software 2
Rosalinux
added 2023/05/03 11:17 a.m. | 60 views

Advisory ROSA-SA-2023-2161

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the aprwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...

CVSS 9.8 | AI score 8.8 | EPSS 0.90407
Exploits 6
IBM AIX
added 2023/05/03 9:23 a.m. | 116 views

AIX is vulnerable to HTTP request smuggling due to Perl

IBM SECURITY ADVISORY First Issued: Wed May 3 09:23:25 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory6.asc Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl CVE-2022-31081...

CVSS 7.3 | AI score 6.1 | EPSS 0.02108
Exploits 1
Positive Technologies
added 2023/05/03 12:0 a.m. | 3 views

PT-2023-9399 · Yealink · Yealink Meeting Server

Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67 Description: The issue is related to insufficient protection of service data, allowing a remote attacker to gain access to user credentials. This can be achieved by sending an HTTP request...

CVSS 7.8 | AI score 7.6 | EPSS 0.00472
Exploits 0 | References 10
IBM Security Bulletins
added 2023/05/02 10:50 p.m. | 37 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a specially-crafted HTTP...

CVSS 7.5 | AI score 7.1 | EPSS 0.01814
Exploits 1 | Affected Software 1
OSV
added 2023/05/02 9:31 p.m. | 38 views

GHSA-22GJ-8QJ2-FJ46 Moodle External Control of File Name or Path vulnerability

A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

CVSS 5.3 | AI score 5.8 | EPSS 0.06583
Exploits 3 | References 12
Github Security Blog
added 2023/05/02 9:31 p.m. | 34 views

Moodle External Control of File Name or Path vulnerability

A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

CVSS 6.5 | AI score 6 | EPSS 0.06583
Exploits 3 | References 12 | Affected Software 1
OSV
added 2023/05/02 8:15 p.m. | 19 views

CVE-2023-30943

A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

CVSS 5.3 | AI score 7.2
Exploits 0 | References 6
NVD
added 2023/05/02 8:15 p.m. | 18 views

CVE-2023-30943

A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

CVSS 6.5 | AI score 6.4 | EPSS 0.06583
Exploits 3 | References 6
Prion
added 2023/05/02 8:15 p.m. | 25 views

Path traversal

A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

CVSS 5 | AI score 5.4 | EPSS 0.06583
Exploits 3 | References 6 | Affected Software 3
UbuntuCve
added 2023/05/02 8:15 p.m. | 167 views

CVE-2023-30943

A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

CVSS 6.5 | AI score 6.3 | EPSS 0.06583
Exploits 3 | References 4