Lucene search
K

276 matches found

Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.6 views

PT-2024-13840 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.1.x through 4.1.16 Mastodon versions 4.2.x through 4.2.8 Description: The issue allows a bypass of rate limiting via a crafted HTTP request header. This means that an attacker can send a specially designed HTTP request...

7.5CVSS6.2AI score0.00458EPSS
Exploits0References10
NVD
NVD
added 2024/10/03 6:15 p.m.18 views

CVE-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

5.9CVSS0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/03 12:0 a.m.21 views

CVE-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

0.00371EPSS
Exploits0References2
OSV
OSV
added 2024/09/03 12:0 a.m.22 views

ALSA-2024:6162 Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

6.5CVSS6AI score0.01141EPSS
Exploits1References4
Redos
Redos
added 2024/07/26 12:0 a.m.303 views

ROS-20240726-08

Vulnerability in the httpjson component of Elastick Stack Filebeat is due to a bug in the input data of the httpjson, because of which the contents of the Authorization or Proxy-Authorization http-request header may into the debug logs. Exploitation of the vulnerability could allow an attacker...

5.5CVSS6.4AI score0.00182EPSS
Exploits0
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.4 views

GitLab Access Control Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An access control error vulnerability exists in GitLab CE/EE, which stems from...

5.3CVSS7AI score0.00432EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.4 views

October Security breach

October is a content management system CMS and web platform from October Open Source. A security vulnerability exists in October prior to version 3.5.15, which stems from the X-October-Request-Handler header that does not clean up AJAX handler names and allows unescaped HTML to be reflected back...

5.4CVSS6.5AI score0.00263EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2024/06/14 1:59 p.m.37 views

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

8.1CVSS7.1AI score0.02617EPSS
Exploits3
OSV
OSV
added 2024/06/14 1:59 p.m.45 views

RLSA-2024:2985 Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS7.3AI score0.02617EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2024/05/22 10:20 a.m.118 views

Moderate: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.7AI score0.04268EPSS
Exploits5References7
OSV
OSV
added 2024/05/22 12:0 a.m.26 views

ALSA-2024:2986 Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 For more details about the security issues, including the impact, a CVSS...

8.1CVSS7.5AI score0.01207EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.17 views

RHEL 6 : python-urllib3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-urllib3: CRLF injection via HTTP request method CVE-2020-26137 - python-urllib3: Cookie request...

8.5AI score0.02269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 4 : python_cgihandler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Python CGIHandler: sets environmental variable based on user supplied Proxy request header CVE-2016-1000110 Note th...

6.4AI score0.04526EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.25 views

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:0187)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0187 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: Cookie request header isn't stripped during cross-origin redirect...

8.1CVSS7.4AI score0.01207EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.37 views

RHEL 8 : Satellite 6.14.1 Async Security Update (Moderate) (RHSA-2023:7851)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7851 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

8.1CVSS7AI score0.01207EPSS
Exploits3References24
Vulnrichment
Vulnrichment
added 2024/04/12 9:8 p.m.21 views

CVE-2024-28869 Possible denial of service vulnerability with Content-length header in Traefik

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

7.5CVSS7AI score0.01046EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/12 5:5 p.m.34 views

Traefik vulnerable to denial of service with Content-length header

There is a potential vulnerability in Traefik managing requests with Content-length and no body . Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to...

7.5CVSS6.9AI score0.01046EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2024/04/08 9:28 a.m.7 views

SUSE-SU-2024:1131-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing bsc1220239. - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing bsc1220242. - CVE-2024-26146: Fixed a...

7.5CVSS6.9AI score0.35376EPSS
Exploits2References7
OSV
OSV
added 2024/03/20 9:27 a.m.7 views

SUSE-SU-2024:0946-1 Security update for rubygem-rack-1_4

This update for rubygem-rack-14 fixes the following issues: - CVE-2024-25126: Fixed a Denial of Service Vulnerability in Rack Content-Type Parsing bsc1220239 - CVE-2024-26141: Fixed a Denial of Service Vulnerability in Range request header parsing bsc1220242 - CVE-2024-26146: Fixed a Denial of...

7.5CVSS7.6AI score0.35376EPSS
Exploits2References7
OSV
OSV
added 2024/03/06 10:59 a.m.26 views

BIT-OPENRESTY-2020-36309

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5.3CVSS6AI score0.01313EPSS
Exploits0References6
Rows per page
Query Builder