Lucene search

276 matches found

OSV
added 2024/03/05 12:47 p.m. | 9 views

SUSE-SU-2024:0765-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239). - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing (bsc#1220242). - CVE-2024-26146: Fixed a...

CVSS 7.5 | AI score 7.5 | EPSS 0.35376
Exploits: 2 | References: 7

OpenVAS
added 2024/03/04 12:0 a.m. | 25 views

openSUSE: Security Advisory for squid (SUSE-SU-2023:4544-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.3 | EPSS 0.05955
Exploits: 0 | References: 2

NVD
added 2024/02/26 4:27 p.m. | 14 views

CVE-2024-23839

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been...

CVSS 8.1 | AI score 7 | EPSS 0.00784
Exploits: 0 | References: 5

OSV
added 2024/02/26 3:48 p.m. | 26 views

CVE-2024-23839 Suricata http: heap use after free with http.request_header and http.response_header keywords

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been...

CVSS 7.1 | AI score 7.2 | EPSS 0.00784
Exploits: 0 | References: 7

IBM Security Bulletins
added 2024/02/15 4:6 a.m. | 35 views

Security Bulletin: Multiple urllib vulnerabilities may affect IBM Storage Scale (CVE-2023-43804)

Summary Multiple vulnerabilities in urllib repo, used by the IBM Storage Scale call home feature, which could allow a remote authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtai...

CVSS 8.1 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | Affected Software: 1

NVD
added 2024/01/30 1:15 a.m. | 12 views

CVE-2023-51982

CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

CVSS 9.8 | AI score 9.7 | EPSS 0.00731
Exploits: 1 | References: 1

RedHat Linux
added 2024/01/16 2:36 p.m. | 377 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-urllib3) security update

An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.1 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | References: 2

Zero Day Initiative
added 2024/01/11 12:0 a.m. | 23 views

Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability

This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue results from improper handling of the...

CVSS 7.3 | AI score 7.1 | EPSS 0.0345
Exploits: 0 | References: 1

RedHat Linux
added 2024/01/10 12:7 p.m. | 56 views

Moderate: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | References: 3

RedHat Linux
added 2024/01/10 10:50 a.m. | 57 views

Moderate: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.1 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | References: 3

AlmaLinux
added 2024/01/10 12:0 a.m. | 92 views

Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 urllib3: Request body not stripped after redirect from 303 status changes...

CVSS 8.1 | AI score 7.2 | EPSS 0.01207
Exploits: 0 | References: 6

Oracle linux
added 2023/12/18 12:0 a.m. | 56 views

fence-agents security update

4.10.0-55.2 - python-certifi: Removal of e-Tugra root certificate CVE-2023-37920 - python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804...

CVSS 9.8 | AI score 7 | EPSS 0.01207
Exploits: 0

RedHat Linux
added 2023/12/12 5:25 p.m. | 45 views

Moderate: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | References: 3

OSV
added 2023/12/12 12:0 a.m. | 36 views

ALSA-2023:7753 Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-certifi: Removal of e-Tugra root certificate CVE-2023-37920...

CVSS 9.8 | AI score 7.6 | EPSS 0.01207
Exploits: 0 | References: 6

Veracode
added 2023/12/01 8:36 a.m. | 30 views

CRLF Injection

aiohttp is vulnerable to a CRLF Injection attack. The vulnerability arises due to improper HTTP version validation in aiohttp/client_reqrep.py. An attacker can perform CRLF injection if they have the ability to modify the HTTP version in the request header...

CVSS 7.2 | AI score 7.2 | EPSS 0.00874
Exploits: 1 | References: 6 | Affected Software: 1

OpenVAS
added 2023/11/27 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2023:4545-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.9 | EPSS 0.05955
Exploits: 0 | References: 5

RedHat Linux
added 2023/11/21 11:39 a.m. | 38 views

Moderate: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 9.8 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | References: 3

BDU FSTEC
added 2023/10/30 12:0 a.m. | 5 views

The vulnerability of Firefox browser, related to insufficient protection of service data, allows attackers to gain unauthorized access to protected information.

The vulnerability of Firefox browsers is related to insufficient protection of service data during the processing of the Vary response header for comparing request headers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by sending iterativ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00634
Exploits: 0 | References: 10 | Affected Software: 3

CNNVD
added 2023/09/29 12:0 a.m. | 4 views

libhv Injection Vulnerability

libhv is an open-source network library by ithewei that is easier to use than libevent/libuv/asio. libhv has an injection vulnerability: when untrusted user input is used to set the request header, it is vulnerable to CRLF injection attacks...

CVSS 5.4 | AI score 7.3 | EPSS 0.00379
Exploits: 1 | References: 3

Exploit DB
added 2023/09/08 12:0 a.m. | 396 views

Wp2Fac - OS Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

AI score 7.4
Exploits: 0