GHSA-QPX3-9565-5XWM KubeEdge CloudCore Router memory exhaustion vulnerability
Impact: The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the REST handler makes ...
CVE-2022-31078 KubeEdge CloudCore Router memory exhaustion
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
CVE-2017-20011
A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. Th...
CVE-2017-20011 WEKA INTEREST Security Scanner HTTP denial of service
A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. Th...
CVE-2017-20011
WEKA INTEREST Security Scanner 1.8 is affected. The vulnerability resides in the HTTP Handler and arises from manipulating an unknown input, causing a denial of service. The attack can be launched on the local host, and the exploit has been publicly disclosed. Note that this vulnerability affects...
PT-2022-7884 · WEKA · WEKA INTEREST Security Scanner
Name of the Vulnerable Software and Affected Versions: WEKA INTEREST Security Scanner version 1.8. Description: A problem was found in the HTTP Handler component of the software. This issue can be exploited by manipulating an unknown input, leading to denial of service. The attack can be launched ...
CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
Remote Code Execution (RCE)
nodemailer is vulnerable to remote code execution. The vulnerability exists due to the lack of sanitization of the HTTP handler of the header...
Information Disclosure
channels is vulnerable to information disclosure. The legacy channels.http.AsgiHandler class used for handling HTTP type requests in an ASGI environment incorrectly separates request scopes which would result in a crash and responses could be sent to the wrong client, resulting in disclosure of...
CVE-2019-5645
CVE-2019-5645 is a denial-of-service issue affecting the Rapid7 Metasploit HTTP(S) handler. The provided DoS payloads register a malicious regular expression via a specially crafted HTTP GET/request to the handler, causing the server to evaluate the expression and potentially either block new HTT...
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
Path traversal
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
CVE-2019-19790
CVE-2019-19790 affects Telerik UI for ASP.NET AJAX RadChart. The vulnerability is a path traversal in RadChart that allows a remote attacker to read and delete image files with extensions .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server via a specially crafted request. Root cau...
PT-2019-15960 · Telerik · Telerik UI for ASP.NET AJAX
Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX, all versions of RadChart. Description: The issue allows a remote attacker to read and delete specific image files on the server through a specially crafted request, exploiting path traversal in RadChart. Th...
CVE-2019-0388
SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...
Design/Logic Flaw
SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...