Lucene search
K

11652 matches found

RedHat Linux
RedHat Linux
added 2019/01/22 1:42 p.m.146 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.5CVSS7AI score0.94494EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2019/01/22 1:36 p.m.143 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

7.5CVSS7AI score0.94494EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2019/01/22 12:0 a.m.41 views

EulerOS Virtualization 2.5.1 : httpd (EulerOS-SA-2019-1015)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound...

9.8CVSS6.5AI score0.86006EPSS
Exploits0References5
Talos
Talos
added 2019/01/21 12:0 a.m.60 views

Bitdefender BOX 2 bootstrap download_image command injection vulnerability

Summary An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...

10CVSS9.2AI score0.04234EPSS
Exploits1
Talos
Talos
added 2019/01/21 12:0 a.m.64 views

Bitdefender BOX 2 bootstrap update_setup command execution vulnerability

Summary An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition TOCTTOU that allows arbitrary execution o...

9.3CVSS8.2AI score0.01948EPSS
Exploits0
Fedora
Fedora
added 2019/01/19 2:27 a.m.26 views

[SECURITY] Fedora 29 Update: php-7.2.14-1.fc29

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

7.5CVSS0.4AI score0.07065EPSS
Exploits0
Fedora
Fedora
added 2019/01/19 1:55 a.m.43 views

[SECURITY] Fedora 28 Update: php-7.2.14-1.fc28

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

7.5CVSS0.4AI score0.07065EPSS
Exploits0
OSV
OSV
added 2019/01/16 7:30 p.m.2 views

CVE-2019-2414

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: Web Listener. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to...

7.8CVSS7.1AI score0.00452EPSS
Exploits0References2
NVD
NVD
added 2019/01/16 7:30 p.m.23 views

CVE-2019-2414

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: Web Listener. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to...

7.8CVSS7.4AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2019/01/16 7:0 p.m.62 views

CVE-2019-2414

CVE-2019-2414 affects Oracle Fusion Middleware's Oracle HTTP Server Web Listener. Affected version shown as 12.2.1.3 (NVD). A Nessus plugin references 12.1.2.3 in the January 2019 CPU. The vulnerability is exploitable by a low-privilege user with valid logon, potentially enabling takeover of the ...

7.8CVSS7.8AI score0.00452EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/01/16 7:0 p.m.25 views

CVE-2019-2414

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: Web Listener. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to...

7.5AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2019/01/16 7:0 p.m.12 views

CVE-2019-2414

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: Web Listener. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to...

6.6AI score0.00452EPSS
Exploits0References2
Talos Blog
Talos Blog
added 2019/01/15 12:2 p.m.83 views

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...

0.2AI score
Exploits0
Veracode
Veracode
added 2019/01/15 9:18 a.m.51 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS attacks. The vulnerability exists as Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security...

7.5CVSS6.7AI score0.13252EPSS
Exploits0References67Affected Software5
Veracode
Veracode
added 2019/01/15 9:13 a.m.42 views

Denial Of Service (DoS)

commons-fileupload is vulnerable to denial of service attacks. The vulnerability can be triggered because the HTTP server does not properly filter the file upload requests which has the size of MIME boundary close to the size of the buffer in MultipartStream...

7.5CVSS7.5AI score0.35927EPSS
Exploits0References58Affected Software79
Veracode
Veracode
added 2019/01/15 9:7 a.m.31 views

HTTP Request Smuggling

httpd is vulnerable to HTTP request smuggling attacks. The vulnerability exists as the chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted reques...

5CVSS5.8AI score0.73327EPSS
Exploits0References73Affected Software12
Veracode
Veracode
added 2019/01/15 9:3 a.m.35 views

Authorization Bypass

httpd24-httpd is vulnerable to authorization bypass attacks. The vulnerability exists as the modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding...

5CVSS4.9AI score0.60205EPSS
Exploits2References68Affected Software9
Veracode
Veracode
added 2019/01/15 9:2 a.m.62 views

Arbitrary File Overwrite

bash is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have...

9.8CVSS9.6AI score0.99999EPSS
Exploits140References163Affected Software1
Veracode
Veracode
added 2019/01/15 8:57 a.m.39 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS attacks. The vulnerability exists as moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in whi...

4.3CVSS5.9AI score0.29484EPSS
Exploits3References60Affected Software98
Veracode
Veracode
added 2019/01/15 8:57 a.m.35 views

Denial Of Service

The httpd packages is susceptible to a denial of service. The vulnerability is possible due to a NULL pointer dereference flaw in the modcache httpd module. A malicious HTTP server causes the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...

4.3CVSS5.8AI score0.11534EPSS
Exploits0References30Affected Software1
Rows per page
Query Builder