5909 matches found

Vulnrichment
added 2024/05/02 9:20 a.m. | 22 views

CVE-2024-32638 Apache APISIX: Forward-Auth Request Smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...

AI score 6.4 | EPSS 0.01065
Exploits: 0 | References: 2
OSV
added 2024/05/01 5:15 p.m. | 2 views

CVE-2024-25015

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278...

CVSS 7.5 | AI score 5.8 | EPSS 0.00925
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/01 4:16 p.m. | 19 views

CVE-2024-25015 IBM MQ denial of service

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278...

CVSS 7.5 | AI score 6.5 | EPSS 0.00925
Exploits: 0 | References: 2
CVE
added 2024/05/01 4:16 p.m. | 73 views

CVE-2024-25015

IBM MQ has a vulnerability CVE-2024-25015 affecting IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru where a remote attacker could cause a denial of service by sending HTTP requests that consume all available resources. The CVSS base score is 7.5 (NETWORK, NO privileges, no user interaction...

CVSS 7.5 | AI score 7.2 | EPSS 0.00925
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/05/01 3:31 p.m. | 7152 views

CVE-2023-40533

CVE-2023-40533 is a duplicate of CVE-2022-40468 and is not a separate active vulnerability entry. Connected advisories confirm Tinyproxy vulnerabilities affecting header handling and heap data leakage (notably CVE-2022-40468 and related issues) with remediation through updates to Tinyproxy. Debia...

AI score 6.3
Exploits: 0
OSV
added 2024/05/01 8:29 a.m. | 20 views

GHSA-4JRX-5W4H-3GPM Navidrome Parameter Tampering vulnerability

Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...

CVSS 4.2 | AI score 4.2 | EPSS 0.00413
Exploits: 1 | References: 3
Github Security Blog
added 2024/05/01 8:29 a.m. | 22 views

Navidrome Parameter Tampering vulnerability

Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...

CVSS 4.2 | AI score 7 | EPSS 0.00413
Exploits: 1 | References: 3 | Affected Software: 1
AlpineLinux
added 2024/05/01 7:15 a.m. | 17 views

CVE-2024-32963

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

AI score 7 | EPSS 0.00413
Exploits: 1
Vulnrichment
added 2024/05/01 6:39 a.m. | 10 views

CVE-2024-32963 Parameter Tampering vulnerability in Navidrome

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

CVSS 4.2 | AI score 6.6 | EPSS 0.00413
Exploits: 1 | References: 1
CVE
added 2024/05/01 6:39 a.m. | 62 views

CVE-2024-32963

Navidrome exposes a parameter tampering vulnerability in HTTP requests that allows an attacker to mutate request body parameters and impersonate other users. The flaw enables actions such as creating playlists, adding songs, posting comments, changing a playlist to public, and assigning the admin...

CVSS 4.2 | AI score 6.5 | EPSS 0.00413
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/05/01 6:39 a.m. | 32 views

CVE-2024-32963 Parameter Tampering vulnerability in Navidrome

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

CVSS 4.2 | AI score 4.6 | EPSS 0.00413
Exploits: 1 | References: 1
RedHat Linux
added 2024/04/30 10:36 a.m. | 1 view

freeipa: specially crafted HTTP requests potentially lead to denial of service

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service...

CVSS 5.3 | AI score 5.8 | EPSS 0.0111
Exploits: 1 | References: 4
RedHat Linux
added 2024/04/30 10:08 a.m. | 3 views

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

CVSS 5.3 | AI score 7.3 | EPSS 0.01208
Exploits: 0 | References: 5
OSV
added 2024/04/30 12:00 a.m. | 24 views

ALSA-2024:2147 Moderate: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...

CVSS 5.3 | AI score 5.7 | EPSS 0.0111
Exploits: 1 | References: 4
OSV
added 2024/04/30 12:00 a.m. | 28 views

ALSA-2024:2160 Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...

CVSS 6.1 | AI score 7.2 | EPSS 0.01208
Exploits: 0 | References: 8
AlmaLinux
added 2024/04/30 12:00 a.m. | 38 views

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...

CVSS 6.1 | AI score 7.9 | EPSS 0.01208
Exploits: 0 | References: 8
AlmaLinux
added 2024/04/30 12:00 a.m. | 35 views

Moderate: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...

CVSS 5.3 | AI score 6.8 | EPSS 0.0111
Exploits: 1 | References: 4
OSV
added 2024/04/30 12:00 a.m. | 40 views

ALSA-2024:2272 Moderate: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

CVSS 7.5 | AI score 7.1 | EPSS 0.0125
Exploits: 0 | References: 6
Tenable Nessus
added 2024/04/30 12:00 a.m. | 34 views

RHEL 9 : buildah (RHSA-2024:2245)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2245 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

CVSS 7.5 | AI score 7.2 | EPSS 0.0125
Exploits: 0 | References: 8
AlmaLinux
added 2024/04/30 12:00 a.m. | 35 views

Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP reques...

CVSS 7.5 | AI score 7.2 | EPSS 0.0125
Exploits: 0 | References: 6