
11634 matches found

Tenable Nessus
added 2023/11/16 12:0 a.m., 57 views

Oracle Linux 9 : httpd / and / mod_http2 (ELSA-2023-6403)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6403 advisory. - Resolves: 2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy mod_http2 Tenable has extracted the preceding description block...

CVSS 9.8 | AI score 7 | EPSS 0.8377
Exploits: 5 | References: 2
Tenable Nessus
added 2023/11/16 12:0 a.m., 50 views

SUSE SLES12: apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc (SUSE-SU-2023:4451-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4451-1 advisory. - CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: - Fixed the content type handling in mod_proxy_http2...

CVSS 7.5 | AI score 6.9 | EPSS 0.02978
Exploits: 0 | References: 6
Github Security Blog
added 2023/11/15 12:30 p.m., 42 views

In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

CVSS 7.5 | AI score 6.9 | EPSS 0.01124
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/11/15 10:15 a.m., 23 views

Directory traversal

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

CVSS 5 | AI score 6.8 | EPSS 0.01124
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/11/15 9:46 a.m., 1062 views

CVE-2023-34062

CVE-2023-34062 affects Reactor Netty HTTP Server. Versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39 are vulnerable when the server is configured to serve static resources. A crafted URL can trigger a directory traversal (path traversal) vulnerability, allowing access to restricted files. T...

CVSS 7.5 | AI score 7.2 | EPSS 0.01124
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/11/15 9:46 a.m., 15 views

CVE-2023-34062

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

CVSS 7.5 | AI score 6.6 | EPSS 0.01124
Exploits: 0 | References: 1
Cvelist
added 2023/11/15 9:46 a.m., 24 views

CVE-2023-34062

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

CVSS 7.5 | AI score 7.5 | EPSS 0.01124
Exploits: 0 | References: 1
Tenable Nessus
added 2023/11/15 12:0 a.m., 47 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-433 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) A flaw was found in httpd. This flaw allows an attacker...

CVSS 7.5 | AI score 6.9 | EPSS 0.70595
Exploits: 1 | References: 8
RedHat Linux
added 2023/11/14 3:51 p.m., 34 views

Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security and bug fix update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.01327
Exploits: 0 | References: 6
NVD
added 2023/11/14 10:15 a.m., 20 views

CVE-2023-31247

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | EPSS 0.01672
Exploits: 1 | References: 2
OSV
added 2023/11/14 10:15 a.m., 32 views

CVE-2023-31247

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 2
OSV
added 2023/11/14 10:15 a.m., 24 views

CVE-2023-28391

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 2
OSV
added 2023/11/14 10:15 a.m., 31 views

CVE-2023-27882

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | AI score 7.5
Exploits: 0 | References: 2
NVD
added 2023/11/14 10:15 a.m., 22 views

CVE-2023-27882

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | EPSS 0.01778
Exploits: 1 | References: 2
NVD
added 2023/11/14 10:15 a.m., 18 views

CVE-2023-28379

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | EPSS 0.01672
Exploits: 1 | References: 2
OSV
added 2023/11/14 10:15 a.m., 29 views

CVE-2023-28379

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 2
OSV
added 2023/11/14 10:15 a.m., 21 views

CVE-2023-24585

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
OSV
added 2023/11/14 10:15 a.m., 28 views

CVE-2023-25181

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | AI score 7.8
Exploits: 0 | References: 2
NVD
added 2023/11/14 10:15 a.m., 20 views

CVE-2023-24585

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.01209
Exploits: 1 | References: 2
NVD
added 2023/11/14 10:15 a.m., 25 views

CVE-2023-25181

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 9.8 | EPSS 0.01688
Exploits: 1 | References: 2