DEBIAN-CVE-2024-1968
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...
SUSE CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the inability of the conntrack nfconfirm logic to handle cloned skbs referencing the same nfconn entry, whi...
GHSA-4QQQ-9VQF-3H3F Scrapy leaks the authorization header on same-domain but cross-origin redirects
Impact Since version 2.11.1, Scrapy drops the Authorization header when a request is redirected to a different domain. However, it keeps the header if the domain remains the same but the scheme (http/https) or the port changes, all scenarios where the header should also be dropped. In the context of...
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Impact Since version 2.11.1, Scrapy drops the Authorization header when a request is redirected to a different domain. However, it keeps the header if the domain remains the same but the scheme (http/https) or the port changes, all scenarios where the header should also be dropped. In the context of...
ALPINE-CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
DEBIAN-CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
AZL-42037 CVE-2024-32020 affecting package git for versions less than 2.39.4-1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
UBUNTU-CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
BIT-PHP-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...
Debian dla-3810 : libapache2-mod-php7.3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3810 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3810-1 [email protected]...
PT-2024-13094 · Linux · Linux
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue is related to memory corruption that occurs when multiple listeners are being registered with the same file descriptor. Recommendations: At the moment, there is no information about...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated, USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when multiple listeners are registered to the same file descriptor...
DELL ECS Connection Manager security vulnerability
DELL ECS Connection Manager is software from Dell, USA, for managing enterprise cloud storage. A security vulnerability exists in DELL ECS Connection Manager that originates from allowing an unauthenticated attacker to access computers on the same network in an HA or cluster group via an IP...
PT-2024-5152 · Ibm · Ibm Cloud Pak For Security +1
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security CP4S versions 1.10.0.0 through 1.10.11.0 IBM QRadar Suite for Software versions 1.10.12.0 through 1.10.19.0 Description: The issue is related to errors in security settings, specifically the failure to set the...
AZL-40070 CVE-2024-2756 affecting package php for versions less than 8.1.28-1
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...
CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...
CVE-2024-2756
The connected advisories confirm that CVE-2024-2756 describes a __Host-/__Secure- cookie bypass resulting from an incomplete fix to CVE-2022-31629 in PHP. According to Astra Linux's note, affected PHP versions are those before 7.4.31, 8.0.24, and 8.1.11. Other advisories (ALAS and AlmaLinux) reiterate ...
CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...