CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/02/17 5:0 a.m.•12 views

CVE-2024-21499

4.3CVSS7.1AI score0.00026EPSS

Veracode•added 2024/02/15 7:37 a.m.•26 views

Denial Of Service (DoS)

libsquid.so is vulnerable to Denial Of Service DoS. The vulnerability is due to HTTP header parsing, allowing remote attackers to perform Denial of Service attacks by sending oversized headers...

7.5CVSS6.9AI score0.01301EPSS

Exploits0References3Affected Software2

OSV•added 2024/02/14 9:15 p.m.•2 views

DEBIAN-CVE-2024-25617

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

7.5CVSS6.8AI score0.01301EPSS

Prion•added 2024/02/14 9:15 p.m.•28 views

Design/Logic Flaw

5CVSS7.1AI score0.01301EPSS

OSV•added 2024/02/14 9:15 p.m.•0 views

UBUNTU-CVE-2024-25617

7.5CVSS6.8AI score0.01301EPSS

Exploits0References6

Vulnrichment•added 2024/02/14 8:55 p.m.•24 views

CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy

5.3CVSS6.8AI score0.01301EPSS

Cvelist•added 2024/02/14 8:55 p.m.•31 views

CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy

5.3CVSS6.9AI score0.01301EPSS

RedHat Linux•added 2024/02/12 10:38 a.m.•1 views

jetty: Improper validation of HTTP/1 content-length

A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...

5.3CVSS7.1AI score0.04575EPSS

Exploits0References6

NVD•added 2024/02/09 1:15 a.m.•13 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.1CVSS5.8AI score0.0006EPSS

Prion•added 2024/02/09 1:15 a.m.•10 views

Cross site scripting

5.8CVSS6.7AI score0.0006EPSS

Exploits0References2Affected Software1

CVE•added 2024/02/09 12:32 a.m.•52 views

CVE-2023-45190

CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...

6.1CVSS6AI score0.0006EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/02/09 12:32 a.m.•9 views

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

5.1CVSS6.3AI score0.0006EPSS

Cvelist•added 2024/02/09 12:32 a.m.•15 views

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

5.1CVSS6.1AI score0.0006EPSS

IBM Security Bulletins•added 2024/02/07 8:56 a.m.•22 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3

Summary IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3 Vulnerability Details CVEID:CVE-2023-45187 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an authenticated...

8.8CVSS6AI score0.0006EPSS

Exploits0Affected Software1

Prion•added 2024/02/05 3:15 p.m.•15 views

Design/Logic Flaw

python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...

5CVSS7.3AI score0.03333EPSS

Exploits1References8Affected Software1

CNVD•added 2024/02/05 12:0 a.m.•18 views

IBM Tivoli Application Dependency Discovery Manager HTTP Header Injection Vulnerability

IBM Tivoli Application Dependency Discovery Manager TADDM is a product in the suite of IT service management solutions from International Business Machines IBM. The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

10CVSS7AI score0.00103EPSS

NVD•added 2024/02/02 9:15 p.m.•14 views

CVE-2024-23553

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute...

5.4CVSS4.7AI score0.0031EPSS

Prion•added 2024/02/02 9:15 p.m.•15 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute...

4.9CVSS5.9AI score0.0031EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/02/02 9:3 p.m.•15 views

CVE-2024-23553 A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute...

3CVSS5.9AI score0.0031EPSS