Lucene search
+L

137 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.33 views

CBL Mariner 2.0 Security Update: python-twisted (CVE-2022-24801)

The version of python-twisted installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24801 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to...

8.1CVSS7.6AI score0.028EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.5 views

SUSE CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

9.8CVSS9.5AI score0.09487EPSS
Exploits3References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.2 views

SUSE CVE-2019-15892

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Servic...

7.5CVSS7.5AI score0.05789EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/01/10 8:35 p.m.46 views

CVE-2023-21538

A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...

7.5CVSS7.5AI score0.0274EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/12 5:1 p.m.26 views

CVE-2022-24910

A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

8.2CVSS7.3AI score0.01256EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.5 views

Cisco Adaptive Security Appliances Software 缓冲区错误漏洞

Cisco Adaptive Security Appliances Software is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides highly secure access to data and network resources and other features. A buffer overflow vulnerability exists in the Cisco Adaptive Security...

8.5CVSS6.1AI score0.01101EPSS
Exploits0References6
OSV
OSV
added 2022/03/17 1:15 p.m.6 views

UBUNTU-CVE-2022-24761

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...

7.5CVSS7AI score0.0178EPSS
Exploits0References7
Hacker One
Hacker One
added 2021/03/09 3:24 a.m.43 views

U.S. Dept Of Defense: HTTP Request Smuggling

hello dear support I have found HTTP Request Smuggling on www.████████ Issue description ============== HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different...

7.4AI score
Exploits0
Ubuntu
Ubuntu
added 2020/09/30 1:18 p.m.75 views

USN-4558-1: libapreq2 vulnerabilities

It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...

7.5CVSS6.8AI score0.03941EPSS
Exploits0
CNVD
CNVD
added 2020/05/13 12:0 a.m.6 views

Microsoft Edge Spoofing Vulnerability (CNVD-2020-61594)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge, which stems from the program's failure to properly parse HTTP content. An attacker could exploit the vulnerability to lure users by...

4.3CVSS6.5AI score0.01999EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/03/10 12:0 a.m.49 views

FreeBSD : Node.js -- multiple vulnerabilities (0032400f-624f-11ea-b495-000d3ab229d6)

Node.js reports : Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.j...

9.8CVSS7.5AI score0.57132EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.114 views

CentOS 7 : http-parser (RHSA-2020:0703)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0703 advisory. - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed CVE-2019-15605 Note that Nessus has not...

9.8CVSS8.1AI score0.57132EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/03/05 12:0 a.m.38 views

CentOS: Security Advisory for http-parser (CESA-2020:0703)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9AI score0.57132EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2020/02/06 12:0 a.m.77 views

Node.js -- multiple vulnerabilities

Node.js reports: Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.js...

9.8CVSS9.1AI score0.57132EPSS
Exploits2References1
Node JS Blog
Node JS Blog
added 2020/02/06 12:0 a.m.49 views

February 2020 Security Releases

February 2020 Security Releases Update 6-February-2020 Security releases available Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.js versions can be...

9.8CVSS9AI score0.57132EPSS
Exploits2
NVD
NVD
added 2019/11/26 3:15 a.m.41 views

CVE-2019-15276

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...

7.7CVSS6.6AI score0.46305EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2019/11/26 3:12 a.m.11 views

CVE-2019-15276 Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...

7.7CVSS7AI score0.46305EPSS
Exploits5References2
CVE
CVE
added 2019/11/26 3:12 a.m.153 views

CVE-2019-15276

CVE-2019-15276: Cisco Wireless LAN Controller HTTP parsing DoS . The vulnerability affects Cisco WLC software (versions 8.4–8.9, 8.10 fixed) where the HTTP parsing engine fails to handle specially crafted URLs. An attacker with low privileges (or a user who can be lured to click a crafted URL) ca...

7.7CVSS6.5AI score0.46305EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2019/11/26 3:12 a.m.37 views

CVE-2019-15276 Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...

7.7CVSS6.5AI score0.46305EPSS
Exploits5References2
OSV
OSV
added 2019/10/10 1:6 a.m.4 views

UBUNTU-CVE-2019-17420

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a response with a single \r\n ending...

5.3CVSS5.8AI score0.01355EPSS
Exploits0References5
Rows per page
Query Builder