Lucene search
K

275 matches found

Cvelist
Cvelist
added 2020/12/11 12:51 a.m.26 views

CVE-2020-28216

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

7.4AI score0.005EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.9 views

Schneider Electric Easergy T300 安全漏洞

Easergy T300 is a new generation intelligent terminal for distribution network automation, which is designed with the concept of "Modularity, Flexibility, and Application Oriented", and can be widely used in medium voltage distribution network management, fault location, isolation, and restoratio...

7.5CVSS7.1AI score0.005EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2020/11/18 12:0 a.m.10 views

SQL Injection Over HTTP Traffic (CVE-2020-11530; CVE-2020-17463; CVE-2020-17506; CVE-2020-25990; CVE-2020-27481; CVE-2020-5766; CVE-2020-8655; CVE-2020-8656; CVE-2020-9465)

SQL Injection Over HTTP Traffic...

9.3CVSS0.9AI score0.95657EPSS
Exploits38
Check Point Advisories
Check Point Advisories
added 2020/11/18 12:0 a.m.26 views

Arbitrary Code Execution Over HTTP Traffic (CVE-2011-2523; CVE-2019-18345; CVE-2019-19143; CVE-2020-15492; CVE-2020-16210; CVE-2020-21526; CVE-2020-24379; CVE-2020-6142; CVE-2020-8010; CVE-2020-9380)

Arbitrary Code Execution Over HTTP Traffic...

10CVSS1AI score0.96184EPSS
Exploits56
OSV
OSV
added 2020/10/16 9:15 p.m.6 views

CVE-2020-1684

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when...

7.5CVSS7.1AI score0.01047EPSS
Exploits0References1
NVD
NVD
added 2020/10/16 9:15 p.m.17 views

CVE-2020-1684

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when...

7.5CVSS0.01047EPSS
Exploits0References1
Prion
Prion
added 2020/10/16 9:15 p.m.23 views

Design/Logic Flaw

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when...

4.3CVSS8.5AI score0.01047EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2020/10/08 8:30 p.m.52 views

C41N - An Automated Rogue Access Point Setup Tool

c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points, and Evil Twin attacks. c41n sets up an access point with user defined characteristics interface, name and channel for the access point, sets up DHCP server for the access...

7.4AI score
Exploits0References1
NCSC
NCSC
added 2020/07/15 12:0 a.m.8 views

Vulnerabilities fixed in Apache Tomcat

Several vulnerabilities have been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service on the Tomcat server. To do this the malicious party must send specially crafted HTTP or WebSocket traffic to the vulnerable server. The developer...

7.5CVSS8.8AI score0.87553EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/03/27 12:0 a.m.25 views

F5 Networks BIG-IP : BIG-IP TMM Ram Cache vulnerability (K22113131)

The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. RAM Cache is a BIG-IP feature used to accelerate HTTP traffic and can be enabled in a Web Acceleration profile. CVE-2020-5861 Impact The BIG-IP system temporarily fai...

7.5CVSS7.4AI score0.01044EPSS
Exploits0References2
FireEye
FireEye
added 2020/03/25 12:0 a.m.654 views

This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers,...

10CVSS0.3AI score0.99999EPSS
Exploits100References19
Prion
Prion
added 2020/03/11 8:15 p.m.19 views

Design/Logic Flaw

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5CVSS7AI score0.02406EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/02/19 1:15 p.m.30 views

CVE-2016-1000109

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...

5.3CVSS5.6AI score0.05076EPSS
Exploits1References3
OSV
OSV
added 2020/02/19 1:15 p.m.26 views

CVE-2016-1000109

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...

5.3CVSS6.7AI score0.05076EPSS
Exploits1References3
OSV
OSV
added 2020/02/05 4:15 p.m.3 views

CVE-2019-4616

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

3.5CVSS5.6AI score0.00309EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.100 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0243)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not sk...

8.6CVSS6.9AI score0.05177EPSS
Exploits0References3
OSV
OSV
added 2019/12/18 6:15 p.m.5 views

CVE-2019-8632

Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data...

6.5CVSS6.6AI score0.01293EPSS
Exploits0References3
OSV
OSV
added 2019/12/10 6:15 p.m.28 views

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

6.1CVSS6.9AI score0.01428EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/12/10 6:15 p.m.28 views

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

6.1CVSS6.3AI score0.01428EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/12/10 5:32 p.m.40 views

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

6.1CVSS6.4AI score0.01428EPSS
Exploits0
Rows per page
Query Builder