
11646 matches found

Prion
added 2019/06/24 9:15 p.m. | 12 views

Directory traversal

The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server...

CVSS 5 | AI score 7.1 | EPSS 0.01172
Exploits 0 | References 2
Cvelist
added 2019/06/24 8:42 p.m. | 17 views

CVE-2014-9699

The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server...

AI score 7.6 | EPSS 0.01172
Exploits 0 | References 2
Prion
added 2019/06/24 5:15 p.m. | 19 views

Buffer overflow

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...

CVSS 5.8 | AI score 9 | EPSS 0.52093
Exploits 2 | References 5 | Affected Software 1
NVD
added 2019/06/24 2:15 p.m. | 16 views

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

CVSS 4.3 | AI score 4.6 | EPSS 0.01006
Exploits 1 | References 2
Prion
added 2019/06/24 2:15 p.m. | 16 views

Design/Logic Flaw

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

CVSS 4 | AI score 4.6 | EPSS 0.01006
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2019/06/24 1:7 p.m. | 24 views

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

AI score 4.6 | EPSS 0.01006
Exploits 1 | References 2
Packet Storm
added 2019/06/24 12:0 a.m. | 256 views

ABB IDAL HTTP Server Stack-Based Buffer Overflow

XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability. Identifiers: XL-19-011, CVE-2019-7232, ABBVU-IAMF-1902009. CVSS Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected vendor...

AI score 0.9 | EPSS 0.52093
Exploits 2
Packet Storm
added 2019/06/24 12:0 a.m. | 251 views

ABB IDAL HTTP Server Uncontrolled Format String

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability. Identifiers: XL-19-012, CVE-2019-7228, ABBVU-IAMF-1902007. CVSS Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected vendor...

AI score 0.1 | EPSS 0.03713
Exploits 2
Prion
added 2019/06/21 3:15 a.m. | 18 views

Cross site request forgery (csrf)

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

CVSS 6.8 | AI score 9 | EPSS 0.00974
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/06/21 2:20 a.m. | 20 views

CVE-2019-1904 Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

CVSS 8.8 | AI score 9.2 | EPSS 0.00974
Exploits 0 | References 1
Packet Storm
added 2019/06/21 12:0 a.m. | 118 views

ABB IDAL HTTP Server Authentication Bypass

XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability. Identifiers: XL-19-010, CVE-2019-7226, ABBVU-IAMF-1902005. CVSS Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected vendor...

EPSS 0.0526
Exploits 2
Prion
added 2019/06/20 4:15 p.m. | 15 views

Stack overflow

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

CVSS 9 | AI score 7.5 | EPSS 0.34131
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus
added 2019/06/19 12:0 a.m. | 251 views

openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)

Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel pani...

CVSS 8.8 | AI score 7.3 | EPSS 0.98745
Exploits 11 | References 93
RedHat Linux
added 2019/06/18 7:8 p.m. | 185 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 9.8 | AI score 7.2 | EPSS 0.65005
Exploits 12 | References 12
Prion
added 2019/06/14 2:29 p.m. | 18 views

Authentication flaw

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...

CVSS 5 | AI score 7.9 | EPSS 0.08848
Exploits 0 | References 2 | Affected Software 1
IBM Security Bulletins
added 2019/06/13 7:15 p.m. | 64 views

Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and the IBM® Runtime Environment Java™ Technology Edition, Version 8 that are used by IBM...

CVSS 10 | AI score 0.9 | EPSS 0.73327
Exploits 12 | Affected Software 1
ThreatPost
added 2019/06/13 1:57 p.m. | 163 views

High-Severity Cisco Flaw in IOS XE Enables Device Takeover

Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System (IOS), is software for Cisco routers and...

CVSS 6.8 | AI score 1.8 | EPSS 0.00974
Exploits 0 | References 6
NVD
added 2019/06/11 10:29 p.m. | 19 views

CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

CVSS 4.9 | AI score 5.6 | EPSS 0.08441
Exploits 0 | References 30
OSV
added 2019/06/11 10:29 p.m. | 3 views

DEBIAN-CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

CVSS 4.2 | AI score 6.7 | EPSS 0.08441
Exploits 0 | References 1
OSV
added 2019/06/11 10:29 p.m. | 29 views

CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

CVSS 4.2 | AI score 6.4
Exploits 0 | References 30