Lucene search
K

11645 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

4.9CVSS8.1AI score0.52873EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.8 views

SUSE CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

4.8CVSS6.6AI score0.02879EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.3 views

SUSE CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

7.5CVSS6.9AI score0.90039EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.9 views

SUSE CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

5.3CVSS7AI score0.58716EPSS
Exploits2References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

8.1CVSS6.9AI score0.49089EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.2 views

SUSE CVE-2021-26690

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

8.1CVSS9.1AI score0.65067EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.1 views

SUSE CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4CVSS9.1AI score0.0199EPSS
Exploits0References44
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.2 views

SUSE CVE-2021-39275

apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...

7.5CVSS7.3AI score0.36339EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.2 views

SUSE CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

7.5CVSS7.5AI score0.82295EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.6 views

SUSE CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS5.9AI score0.02038EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...

5.9CVSS8.1AI score0.69803EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.5 views

SUSE CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

7.4CVSS8.5AI score0.05729EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.2 views

SUSE CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...

9.8CVSS9.3AI score0.07663EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS6.7AI score0.01788EPSS
Exploits1References102
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.2 views

SUSE CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

7.4CVSS7.7AI score0.57941EPSS
Exploits0References10
CVE
CVE
added 2023/02/15 12:0 a.m.66 views

CVE-2023-23848

The CVE-2023-23848 entry concerns missing permission checks in the Synopsys Jenkins Coverity Plugin (versions

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.2 views

Jenkins Plugin Synopsys Coverity 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.0052EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.15 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.0052EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.7 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5AI score0.0052EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.24 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS5.9AI score0.0052EPSS
Exploits0References3
Rows per page
Query Builder