Lucene search
K

62 matches found

SUSE CVE
SUSE CVE
added 2023/07/19 2:2 a.m.4 views

SUSE CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdusize in ksmbdconnhandlerloop, leading to an out-of-bounds read...

9.1CVSS6.7AI score0.01059EPSS
Exploits0References3
Citrix
Citrix
added 2023/05/03 12:0 a.m.7 views

Removing Server HTTP header

...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.6 views

SUSE CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

10CVSS9.4AI score0.24727EPSS
Exploits5References3
OSV
OSV
added 2023/01/31 5:15 a.m.9 views

AZL-13173 CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

7.5CVSS6.6AI score0.01613EPSS
Exploits1References1
OSV
OSV
added 2023/01/06 8:24 p.m.2 views

GHSA-54W6-VXFH-FW7F Http4s improperly parses User-Agent and Server headers

Impact The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x scala val unsafe: OptionUser-Agent = req.headers.getUser-Agent...

7.5CVSS5.9AI score0.00845EPSS
Exploits1References3
CVE
CVE
added 2023/01/04 3:30 p.m.88 views

CVE-2023-22465

Http4s (Scala HTTP services) has a vulnerability where the User-Agent and Server header parsers can fatal‑error on certain inputs. Affected versions include 0.1.0 up to but not including 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a...

7.5CVSS5.6AI score0.00845EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/01/04 3:30 p.m.40 views

CVE-2023-22465 Http4s has fatal error parsing User-Agent and Server headers

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...

7.5CVSS7.7AI score0.00845EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/01/04 12:0 a.m.10 views

PT-2023-18517 · Http4S · Http4S

Name of the Vulnerable Software and Affected Versions: Http4s versions 0.1.0 through 0.21.33 Http4s versions 0.22.0 through 0.22.14 Http4s versions 0.23.0 through 0.23.16 Http4s versions 1.0.0-M0 through 1.0.0-M37 Description: The User-Agent and Server header parsers in Http4s are susceptible to ...

7.5CVSS5.2AI score0.00845EPSS
Exploits1References7
OSV
OSV
added 2022/11/23 5:15 p.m.5 views

CVE-2022-38113

This vulnerability discloses build and services versions in the server response header...

5.3CVSS5.8AI score0.00651EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.5 views

PT-2022-24207 · Solarwinds · Solarwinds Sem +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue discloses build and services versions in the server response header. There is no information provided about the estimated number of potential...

5.3CVSS5.1AI score0.00651EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2022/11/03 3:19 a.m.252 views

Exploit for Out-of-bounds Write in Openssl

Detection for CVE-2022-3602 - OpenSSL RCE/DOC v3.0.0 - v3.0.6...

7.5CVSS7.9AI score0.9077EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/01/04 12:0 a.m.377 views

Knockpy 4.1.1 CSV Injection

Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...

7.4AI score
Exploits0
Snyk
Snyk
added 2019/11/26 3:15 a.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers t...

5.3CVSS7.2AI score0.01521EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.5 views

The vulnerability relates to the implementation of the HTTP/2 server using the nginx software framework and Node.js, as well as the SwiftNIO networking library. It involves an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the HTTP/2 server implementation of nginx, a Node.js software platform, and the SwiftNIO networking framework is related to an uncontrolled resource consumption when processing a header with a parameter equal to zero. Exploiting this vulnerability could allow a malicious acto...

7.8CVSS5.5AI score0.56262EPSS
Exploits0References15Affected Software9
Hacker One
Hacker One
added 2018/12/11 4:29 p.m.49 views

RATELIMITED: Server Header disclose The Os and Web server Version

Server header was present and disclosed the version of the web server and OS in HTTP responses. Server header was present and disclosed the version of the web server and OS...

0.7AI score
Exploits0
CNVD
CNVD
added 2018/06/28 12:0 a.m.4 views

Nikto CSV Injection Vulnerability (CNVD-2018-16264)

Nikto is an open source GPL web server scanner that performs a comprehensive multiple scan of web servers, containing over 3300 potentially dangerous files/CGIs; over 625 server versions; and over 230 server-specific issues. Scan items and plugins can be automatically updated if required. Based o...

10CVSS9.4AI score0.24727EPSS
Exploits5References1
OSV
OSV
added 2018/06/01 3:29 p.m.2 views

UBUNTU-CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

9.8CVSS6AI score0.24727EPSS
Exploits5References3
OSV
OSV
added 2018/06/01 3:29 p.m.1 views

DEBIAN-CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

9.8CVSS7.5AI score0.24727EPSS
Exploits5References1
OSV
OSV
added 2018/06/01 3:29 p.m.3 views

ALPINE-CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

9.8CVSS7.5AI score0.24727EPSS
Exploits5References1
Kitploit
Kitploit
added 2018/04/06 8:39 p.m.30 views

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...

8.1AI score
Exploits0References1
Rows per page
Query Builder