Lucene search

11647 matches found

Hacker One
added 2019/05/07 8:16 p.m., 27 views

Node.js third-party modules: [min-http-server] Stored XSS in the filename when directories listing

I would like to report Stored XSS in module "min-http-server". It allows injecting malicious scripts into the file name, storing them on the server, and then executing these scripts in the browser via the XSS vulnerability. Module: module name: min-http-server; version: 1.0.6; npm page:...

3.5 CVSS, 5 AI score, 0.00709 EPSS
Exploits: 1

Hacker One
added 2019/05/07 7:51 a.m., 19 views

Node.js third-party modules: [min-http-server] List any file in the folder by using path traversal.

I would like to report Path Traversal in min-http-server. It allows listing any file in another folder of web root. Module: module name: min-http-server; version: 1.0.6; npm page: https://www.npmjs.com/package/min-http-server. Module Description: 'min-http-server' is a zero-configuration, lightweight...

0.6 AI score
Exploits: 0

RedHat Linux
added 2019/05/07 4:20 a.m., 35 views

Important: Red Hat Security Advisory: mod_auth_mellon security update

An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

8.1 CVSS, 7.3 AI score, 0.02969 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2019/05/07 4:19 a.m., 62 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.8 CVSS, 7 AI score, 0.65005 EPSS
Exploits: 8, References: 3

IBM Security Bulletins
added 2019/05/07 3:55 a.m., 43 views

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2019-0211, CVE-2019-0220)

Summary: IBM HTTP Server (IHS) is used by IBM Rational ClearQuest. Information about security vulnerabilities affecting IHS has been published in a security bulletin. CVE-2019-0211 affects version 9 non-windows platforms only. Vulnerability Details: Refer to the security bulletins listed in the...

7.8 CVSS, 0.8 AI score, 0.65005 EPSS
Exploits: 8, Affected Software: 1

OpenVAS
added 2019/05/07 12:0 a.m., 62 views

Fedora Update for php FEDORA-2018-08ceba4f8f

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2

OpenVAS
added 2019/05/07 12:0 a.m., 87 views

Fedora Update for php FEDORA-2018-7ebfe1e6f2

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4 AI score
Exploits: 0, References: 2

OpenVAS
added 2019/05/07 12:0 a.m., 92 views

Fedora Update for php FEDORA-2019-da36d5d484

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.1 AI score, 0.07065 EPSS
Exploits: 0, References: 2

OpenVAS
added 2019/05/07 12:0 a.m., 98 views

Fedora Update for httpd FEDORA-2019-119b14075a

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4 AI score
Exploits: 0, References: 4

Tenable Nessus
added 2019/05/07 12:0 a.m., 27 views

RHEL 8 : mod_auth_mellon (RHSA-2019:0985)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0985 advisory. The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...

8.1 CVSS, 7.7 AI score, 0.02969 EPSS
Exploits: 1, References: 4

BDU FSTEC
added 2019/05/07 12:0 a.m., 4 views

The vulnerability of the Apache HTTP Server web server, related to uncontrolled resource consumption, allows attackers to cause service interruptions.

The vulnerability of the Apache HTTP Server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions when connecting via HTTP/2 (mod_http2)...

5.3 CVSS, 6.5 AI score, 0.19404 EPSS
Exploits: 0, References: 8, Affected Software: 6

Hacker One
added 2019/05/04 10:15 a.m., 23 views

Node.js third-party modules: [larvitbase-api] Unintended Require

I would like to report Unintended Require vulnerability in larvitbase-api. It allows loading arbitrary non-production code js files. Module: module name: larvitbase-api; version: 0.5.3; npm page: https://www.npmjs.com/package/larvitbase-api. Module Description: REST http API base framework based on...

5 CVSS, 0.01289 EPSS
Exploits: 1

IBM Security Bulletins
added 2019/05/03 7:25 p.m., 54 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2018-17199)

Summary: IBM HTTP Server (IHS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

7.5 CVSS, 0.7 AI score, 0.19994 EPSS
Exploits: 0, Affected Software: 1

Fedora
added 2019/05/03 1:36 a.m., 38 views

[SECURITY] Fedora 28 Update: jetty-9.4.11-3.v20180605.fc28

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

7.5 CVSS, 0.6 AI score, 0.05082 EPSS
Exploits: 0

OpenVAS
added 2019/05/03 12:0 a.m., 29 views

Fedora Update for jetty FEDORA-2019-d9f867cb65

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.7 AI score, 0.05082 EPSS
Exploits: 0, References: 2

Veracode
added 2019/05/02 6:45 a.m., 41 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote user could send a specially crafted HTTP/2 request to trigger a null pointer dereference in the mod_http2 component and cause the server process to crash...

7.5 CVSS, 8.8 AI score, 0.53939 EPSS
Exploits: 0, References: 40, Affected Software: 2

Veracode
added 2019/05/02 6:37 a.m., 25 views

Arbitrary Code Execution

GNU Wget is vulnerable to arbitrary code execution. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code...

8.8 CVSS, 8.9 AI score, 0.36563 EPSS
Exploits: 0, References: 9, Affected Software: 1

Prion
added 2019/05/02 6:29 a.m., 14 views

Race condition

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...

6.9 CVSS, 6.7 AI score, 0.00234 EPSS
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2019/05/02 6:10 a.m., 25 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service (DoS) attacks. This occurs in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted CONTINUATION frames in an HTTP/2 request with headers larger than the server's...

7.5 CVSS, 7.2 AI score, 0.7907 EPSS
Exploits: 4, References: 49, Affected Software: 4

Veracode
added 2019/05/02 6:10 a.m., 27 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote attacker could exploit the flaw in httpd's mod_http2 module to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams which leads to application crash...

5.9 CVSS, 5.7 AI score, 0.15327 EPSS
Exploits: 0, References: 40, Affected Software: 1