Lucene search
K

313 matches found

Tenable Nessus
Tenable Nessus
added 2024/09/10 12:0 a.m.22 views

NewStart CGSL MAIN 6.02 : python-requests Vulnerability (NS-SA-2024-0058)

The remote NewStart CGSL host, running version MAIN 6.02, has python-requests packages installed that are affected by a vulnerability: - A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie...

6.8CVSS7.4AI score0.03408EPSS
Exploits0References3
NVD
NVD
added 2024/08/14 9:15 p.m.24 views

CVE-2024-42353

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...

6.1CVSS0.00497EPSS
Exploits1References2
CNVD
CNVD
added 2024/08/14 12:0 a.m.8 views

Siemens SINEC Traffic Analyzer Information Disclosure Vulnerability

SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communications between controllers and IO devices. An information disclosure vulnerability exists in Siemens SINEC Traffic Analyzer that stems from the application not properly handling cacheable HTTP responses in...

6.5CVSS5.9AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 8:15 a.m.32 views

CVE-2024-41906

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache...

6.5CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2024/08/13 7:54 a.m.55 views

CVE-2024-41906

CVE-2024-41906 affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to V2.0. The vulnerability arises from improper handling of cacheable HTTP responses in the web service, enabling an attacker to read and potentially modify data stored in the local cache. Affected products ...

6.5CVSS6.3AI score0.00233EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/13 7:54 a.m.34 views

CVE-2024-41906

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache...

6.3CVSS0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/13 7:54 a.m.17 views

CVE-2024-41906

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache...

6.3CVSS6.4AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2024/07/17 6:15 p.m.2 views

CVE-2023-42010

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507...

3.7CVSS5.7AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/17 12:0 a.m.2 views

IBM Sterling B2B Integrator 安全漏洞

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A security vulnerability exists i...

3.7CVSS6.4AI score0.00314EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2024/05/24 5:8 p.m.66 views

K000139764: Apache HTTPD vulnerability CVE-2023-38709

Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 Impact This vulnerability allows malicious or exploitable...

7.3CVSS7.3AI score0.03914EPSS
Exploits0Affected Software15
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.16 views

Fedora 40 : llhttp / python-aiohttp (2023-f2bb9ee617)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f2bb9ee617 advisory. python-aiohttp 3.8.6 2023-10-07 https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst386-2023-10-07 Security bugfixes - Upgraded llhttp to v9.1.3:...

5.8AI score
Exploits0References1
Veracode
Veracode
added 2024/04/10 9:15 p.m.39 views

Improper Input Validation

Apache is vulnerable to Improper Input Validation. The vulnerability is caused due to inadequate input validation, which can be exploited by attackers to manipulate HTTP responses...

6.5AI score0.03914EPSS
Exploits0References8Affected Software7
OSV
OSV
added 2024/04/06 6:17 p.m.150 views

BIT-APACHE-2023-38709 Apache HTTP Server: HTTP response splitting

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS7.3AI score0.03914EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2024/04/04 8:15 p.m.87 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS6.9AI score0.03914EPSS
Exploits0References8
OSV
OSV
added 2024/04/04 7:19 p.m.57 views

CVE-2023-38709 Apache HTTP Server: HTTP response splitting

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS6.7AI score0.03914EPSS
Exploits0References13
CVE
CVE
added 2024/04/04 7:19 p.m.4940 views

CVE-2023-38709

CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...

7.3CVSS7.1AI score0.03914EPSS
Exploits0References11Affected Software1
Rockylinux
Rockylinux
added 2024/03/12 3:41 p.m.51 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

8.1CVSS8AI score0.00937EPSS
Exploits1
CNVD
CNVD
added 2024/03/06 12:0 a.m.18 views

IBM CICS TX Advanced Information Disclosure Vulnerability

IBM CICS TX Advanced is a transaction processing monitoring system from International Business Machines IBM for running large-scale, high-transaction-volume applications in enterprise environments. An information disclosure vulnerability exists in IBM CICS TX Advanced version 10.1, which stems fr...

5.3CVSS5.9AI score0.0047EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/05 12:0 a.m.18 views

CentOS: Security Advisory for firefox (CESA-2024:0976)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.1AI score0.00937EPSS
Exploits1References2
Prion
Prion
added 2024/03/04 4:15 p.m.19 views

Design/Logic Flaw

IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814...

5CVSS6.2AI score0.0047EPSS
Exploits0References2
Rows per page
Query Builder