
11652 matches found

Veracode
added 2019/01/15 8:57 a.m., 49 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resourc...

CVSS 4.3 | AI score 4.2 | EPSS 0.37156
Exploits: 0 | References: 65 | Affected Software: 141

Veracode
added 2019/01/15 8:53 a.m., 22 views

Denial Of Service (DoS)

node is vulnerable to denial-of-service. Improper processing of pipelined requests allows a remote attacker to send a large number of pipelined requests to cause high memory and CPU consumption which can result in a denial of service condition in the HTTP server...

CVSS 5 | AI score 5.8 | EPSS 0.3722
Exploits: 3 | References: 13 | Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m., 43 views

Cross-site Scripting (XSS)

Apache HTTP Server is vulnerable to cross-site scripting (XSS) attacks. The vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticat...

CVSS 4.3 | AI score 5 | EPSS 0.6477
Exploits: 1 | References: 42 | Affected Software: 204

Metasploit
added 2019/01/13 10:31 p.m., 39 views

Microsoft Excel .SLK Payload Delivery

This module generates a download and execute Powershell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute...

AI score 0.2
Exploits: 0

Cvelist
added 2019/01/10 12:0 a.m., 21 views

CVE-2018-0282 Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this...

CVSS 6.8 | AI score 6.8 | EPSS 0.02004
Exploits: 0 | References: 2

Tenable Nessus
added 2019/01/09 12:0 a.m., 63 views

PHP 5.6.x < 5.6.19 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file ext/wddx/wddx.c in the php_wddx_pop_element function when handling XML data. An unauthenticated,...

CVSS 9.8 | AI score 8.9 | EPSS 0.35438
Exploits: 0 | References: 3

Tenable Nessus
added 2019/01/09 12:0 a.m., 45 views

PHP 7.0.x < 7.0.4 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.4. It is, therefore, affected by multiple vulnerabilities: - A type confusion error exists in file ext/soap/php_http.c in the make_http_soap_request function when handling cookie data. An...

CVSS 9.8 | AI score 9.5 | EPSS 0.05666
Exploits: 3 | References: 5

Tenable Nessus
added 2019/01/08 12:0 a.m., 63 views

EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This...

CVSS 9.8 | AI score 7.1 | EPSS 0.08031
Exploits: 0 | References: 3

Cvelist
added 2019/01/07 6:0 p.m., 28 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

AI score 6.8 | EPSS 0.00774
Exploits: 1 | References: 32

CVE
added 2019/01/07 6:0 p.m., 416 views

CVE-2019-5489

CVE-2019-5489 affects the Linux kernel mincore() implementation (mm/mincore.c) up to version 4.19.13. It enables a local attacker to observe page cache access patterns of other processes sharing memory, leading to potential information disclosure; the impact is described as partial confidentialit...

CVSS 5.5 | AI score 6.4 | EPSS 0.00774
Exploits: 1 | References: 32 | Affected Software: 1

Debian CVE
added 2019/01/07 6:0 p.m., 41 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

CVSS 5.5 | AI score 6.8 | EPSS 0.00774
Exploits: 1

UbuntuCve
added 2019/01/07 5:29 p.m., 54 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

CVSS 5.5 | AI score 6.8 | EPSS 0.00774
Exploits: 1 | References: 6

Prion
added 2019/01/07 5:29 p.m., 31 views

Design/Logic Flaw

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

CVSS 2.1 | AI score 6 | EPSS 0.00774
Exploits: 1 | References: 32 | Affected Software: 1

OSV
added 2019/01/07 5:29 p.m., 27 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

CVSS 5.5 | AI score 6.7
Exploits: 0 | References: 32

Tenable Nessus
added 2019/01/03 12:0 a.m., 39 views

Fedora 28 : httpd (2018-6744ca470d)

This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release: - Low: Possible out of bound read in mod_cache_socache (CVE-2018-1303) - Low: Possible out of bound access after failure in reading the HTTP...

CVSS 9.8 | AI score 6.5 | EPSS 0.86006
Exploits: 0 | References: 7

Tenable Nessus
added 2018/12/28 12:0 a.m., 38 views

EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This...

CVSS 9.8 | AI score 7.1 | EPSS 0.08031
Exploits: 0 | References: 3

NVD
added 2018/12/23 2:29 a.m., 17 views

CVE-2018-20370

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

CVSS 5.4 | AI score 5.4 | EPSS 0.00515
Exploits: 2 | References: 1

Prion
added 2018/12/23 2:29 a.m., 16 views

Design/Logic Flaw

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

CVSS 3.5 | AI score 5.3 | EPSS 0.00515
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2018/12/23 2:0 a.m., 43 views

CVE-2018-20370

SZ NetChat before 7.9 is vulnerable to Cross-Site Scripting in the Options module (MyName input). The root cause is an XSS flaw in the MyName field, allowing a remote attacker to inject inputs that could compromise the enabled HTTP server web frontend. The public references consistently describe ...

CVSS 5.4 | AI score 5.3 | EPSS 0.00515
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2018/12/23 2:0 a.m., 23 views

CVE-2018-20370

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

AI score 5.4 | EPSS 0.00515
Exploits: 2 | References: 1