CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

275 matches found

Hacker One•added 2019/04/12 8:6 p.m.•40 views

Node.js: Vulnerability in http-parser & embedded NULL header handling

Due to a snafu in how [email protected] is setup to forward see https://github.com/envoyproxy/envoy/issues/5155, the following bug report was not made available prior to disclosure. For completeness, I'm providing the original e-mail below. Please note that this has been fixed in http-parser...

7.5CVSS7.1AI score0.03732EPSS

Exploits1

BDU FSTEC•added 2019/03/01 12:0 a.m.•4 views

The vulnerability of the implementation of the syntactic analyzer („parser“) for HTTP packets by the LIVE555 RTSP server lies in the stack buffer overflow issue, which allows an attacker to execute arbitrary code.

The vulnerability of the HTTP packet syntax analyzer “parser” implemented by the LIVE555 RTSP server is related to an error that causes stack buffer overflow. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created malware package...

9.8CVSS8.9AI score0.09745EPSS

Exploits3References6Affected Software2

Tenable Nessus•added 2019/01/02 12:0 a.m.•24 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0952-1)

This update for nodejs4 fixes the following issues : - Fix some node-gyp permissions - New upstream maintenance 4.9.1 : - Security fixes : + CVE-2018-7158: Fix for 'path' module regular expression denial of service bsc1087459 + CVE-2018-7159: Reject spaces in HTTP Content-Length header values...

7.5CVSS7.2AI score0.03621EPSS

Exploits0References7

Tenable Nessus•added 2018/09/06 12:0 a.m.•269 views

RHEL 7 : JBoss Core Services (RHSA-2017:1413)

An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS7.4AI score0.7907EPSS

Exploits11References16

seebug.org•added 2018/07/30 12:0 a.m.•562 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

9.3AI score0.01435EPSS

Exploits5

seebug.org•added 2018/07/30 12:0 a.m.•579 views

Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability(CVE-2018-3880)

9.3AI score0.01435EPSS

Exploits6

Talos•added 2018/07/26 12:0 a.m.•44 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

9.1AI score

Exploits0

OpenVAS•added 2018/07/10 12:0 a.m.•29 views

Node.js Improper Input Validation Vulnerability (Mar 2018) - Mac OS X

Node.js is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

5.3CVSS6.9AI score0.03621EPSS

Exploits0References1

Veracode•added 2018/06/26 12:30 p.m.•47 views

HTTP Request Smuggling

jetty-http is vulnerable to HTTP request smuggling attacks. The HTTP parser accepts request headers when the HTTP/0.9 protocol specifically has none, allowing a malicious user to conduct HTTP request smuggling attacks...

7.5CVSS9.1AI score0.06411EPSS

Exploits0References18Affected Software3

CNVD•added 2018/06/07 12:0 a.m.•1 views

Joyent Node.js HTTP Parser Input Validation Vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...

5.3CVSS7.4AI score0.03621EPSS

Exploits0References1

UbuntuCve•added 2018/05/17 2:29 p.m.•49 views

CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3CVSS6.7AI score0.03621EPSS

Exploits0References1

Prion•added 2018/05/17 2:29 p.m.•24 views

Input validation

5CVSS6.2AI score0.03621EPSS

Exploits0References3Affected Software1

NVD•added 2018/05/17 2:29 p.m.•19 views

CVE-2018-7159

5.3CVSS6.3AI score0.03621EPSS

Exploits0References3

OSV•added 2018/05/17 2:29 p.m.•1 views

UBUNTU-CVE-2018-7159

5.3CVSS6.7AI score0.03621EPSS

Exploits0References2

OSV•added 2018/05/17 2:29 p.m.•2 views

DEBIAN-CVE-2018-7159

5.3CVSS9AI score0.03621EPSS

Exploits0References1

OSV•added 2018/05/17 2:29 p.m.•32 views

CVE-2018-7159

5.3CVSS7AI score

Exploits0References3

Cvelist•added 2018/05/17 2:0 p.m.•31 views

CVE-2018-7159

6.3AI score0.03621EPSS

Exploits0References3

CVE•added 2018/05/17 2:0 p.m.•245 views

CVE-2018-7159

CVE-2018-7159 affects the Node.js http-parser component: the HTTP parser ignores spaces in Content-Length, allowing Content-Length: 1 2 to be treated as 12. The risk is described as very low in the CVE entry, with exploitation considered difficult. Connected sources confirm this affects http-pars...

5.3CVSS6.2AI score0.03621EPSS

Exploits0References3Affected Software1