
The Hacker News, added 2024/10/24 12:41 p.m.

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of...

CVSS 9.9, AI score 8.7, EPSS 0.15953; Exploits: 0
NVD, added 2024/10/23 6:15 p.m.

CVE-2024-20424

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

CVSS 9.9, EPSS 0.00941; Exploits: 0, References: 1
Cisco, added 2024/10/23 4:00 p.m.

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

CVSS 9.9, AI score 9.8, EPSS 0.00941; Exploits: 0, References: 1
Cvelist, added 2024/10/22 12:00 a.m.

CVE-2024-45518

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. Th...

EPSS 0.20301; Exploits: 0, References: 7
OSV, added 2024/10/16 5:15 p.m.

CVE-2024-20463

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET...

CVSS 7.1, AI score 5.8, EPSS 0.00342; Exploits: 0, References: 1
Tenable Nessus, added 2024/10/16 12:00 a.m.

Amazon Linux 2 : python-pip (ALAS-2024-2652)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2652 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However,...

CVSS 6.5, AI score 6.7, EPSS 0.01141; Exploits: 1, References: 4
NVD, added 2024/10/15 7:15 a.m.

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...

CVSS 8.6, EPSS 0.01016; Exploits: 0, References: 3
OSV, added 2024/10/15 7:15 a.m.

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...

CVSS 7.5, AI score 6.8; Exploits: 0, References: 3
CVE, added 2024/10/15 6:10 a.m.

CVE-2024-46898

SHIRASAGI before v1.19.1 is vulnerable to a path traversal issue caused by improper handling of URLs in HTTP requests. The vulnerability may allow an attacker to retrieve arbitrary server files when processing crafted HTTP requests. Mitigation: upgrade to SHIRASAGI v1.19.1 (or later) as released ...

CVSS 8.6, AI score 6.9, EPSS 0.01016; Exploits: 0, References: 3, Affected Software: 1
Vulnrichment, added 2024/10/15 6:10 a.m.

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...

CVSS 8.6, AI score 6.9, EPSS 0.01016; Exploits: 0, References: 3
Japan Vulnerability Notes, added 2024/10/15 12:00 a.m.

JVN#58721679: SHIRASAGI vulnerable to path traversal

SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability (CWE-22). Impact: When processing crafted HTTP requests, arbitrary files on the server may be retrieved. Solution: Update the software to the latest...

CVSS 8.6, AI score 7.6, EPSS 0.01016; Exploits: 0
NVD, added 2024/10/14 2:15 p.m.

CVE-2024-8602

When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker...

CVSS 6.3, EPSS 0.00393; Exploits: 1, References: 2
CVE, added 2024/10/14 1:10 p.m.

CVE-2024-8602

CVE-2024-8602 concerns XXE in XML parsing from PDFs via the default DocumentBuilder settings in taxstatement.jar. Connected data confirms affected software: taxstatement.jar versions 2.2.2 and 2.2.4. Root cause: DocumentBuilder configured to allow external entities, enabling an XML external entit...

CVSS 6.3, AI score 6.4, EPSS 0.00393; Exploits: 1, References: 2
Cvelist, added 2024/10/14 1:10 p.m.

CVE-2024-8602 XML Eternal Entity Attack in the Software Library taxstatement.jar

When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker...

CVSS 6.3, EPSS 0.00393; Exploits: 1, References: 2
Tenable Nessus, added 2024/10/13 12:00 a.m.

CBL Mariner 2.0 Security Update: python-webob (CVE-2024-42353)

The version of python-webob installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42353 advisory. - WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header...

CVSS 6.1, AI score 6.2, EPSS 0.00497; Exploits: 1, References: 2
NVD, added 2024/10/11 3:15 p.m.

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 7.5, EPSS 0.00438; Exploits: 0, References: 3
CNNVD, added 2024/10/11 12:00 a.m.

H2O access control error vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. H2O suffers from an access control error vulnerability that stems from the fact that access control does not detect and prohibit HTTP requests conveyed by packets with spoofed source addresses, allowin...

CVSS 7.5, AI score 6.7, EPSS 0.00438; Exploits: 0, References: 4
NVD, added 2024/10/10 10:15 p.m.

CVE-2024-47167

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio's async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

CVSS 9.8, EPSS 0.00463; Exploits: 0, References: 1
OSV, added 2024/10/10 10:15 p.m.

PYSEC-2024-215

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio's async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

CVSS 9.8, AI score 9.4, EPSS 0.00463; Exploits: 0, References: 1
Github Security Blog, added 2024/10/10 10:01 p.m.

Gradio vulnerable to SSRF in the path parameter of /queue/join

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio's async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable...

CVSS 9.8, AI score 6.7, EPSS 0.00463; Exploits: 0, References: 4, Affected Software: 1