Lucene search
K

275 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:11 a.m.82 views

Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID:CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially...

9.8CVSS9.7AI score0.90338EPSS
Exploits14Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2016-5385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of...

8.1CVSS6.9AI score0.50427EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/02/14 12:39 a.m.15 views

K000149797: BIND vulnerability CVE-2024-12705

Security Advisory Description Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 throug...

7.5CVSS7.3AI score0.16182EPSS
Exploits0
OSV
OSV
added 2025/01/29 10:15 p.m.3 views

ALPINE-CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS7AI score0.16182EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/01/29 9:40 p.m.17 views

CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS7.5AI score0.16182EPSS
Exploits0
Cvelist
Cvelist
added 2024/09/25 4:26 p.m.33 views

CVE-2024-20436

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...

8.6CVSS0.0086EPSS
Exploits0References1
Broadcom
Broadcom
added 2024/04/25 12:0 a.m.9 views

HTTPS configuration between Brocade SANnav Management Portal and Brocade SAN switches (no CVE)

A security researcher reported a lack of encryption in Brocade SANnav for management protocol HTTP. The researcher states: By default, the appliance can be installed with these options: To configure HTTP or HTTPS connections between SANnav Management Portal and SAN switches, select one of the...

7AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2024/03/28 12:0 a.m.25 views

Softing edgeConnector Siemens Cleartext Transmission of Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 8099 by default. HTTP...

8CVSS7.1AI score0.00513EPSS
Exploits0References1
OSV
OSV
added 2024/03/18 8:30 p.m.17 views

GHSA-68MJ-9PJQ-MC85 Intermittent HTTP policy bypass

Impact Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. Patches This issue affects: Cilium v1.13 between v1.13.9 and v1.13.12 inclusive Cilium v1.14...

7.2CVSS6.8AI score0.0062EPSS
Exploits0References7
Hacker One
Hacker One
added 2024/02/15 9:1 p.m.29 views

MTN Group: CVE-2018-0296 Cisco ASA Denial of Service & Path Traversal vulnerable on [mtn.co.ug]

The Cisco Adaptive Security Appliance ASA was affected by a vulnerability in its web interface that could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service condition. In certain software releases, the vulnerability also could ha...

7.5CVSS7.6AI score0.99903EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.14 views

Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10690)

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...

8.1CVSS7.8AI score0.01468EPSS
Exploits1References5
Microsoft KB
Microsoft KB
added 2023/07/11 7:0 a.m.53 views

July 11, 2023—KB5028171 (OS Build 20348.1850)

July 11, 2023—KB5028171 OS Build 20348.1850 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when n...

9.8CVSS8.2AI score0.32309EPSS
Exploits6
OSV
OSV
added 2023/03/01 8:15 a.m.5 views

CVE-2022-20952

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...

5.3CVSS5.8AI score0.00678EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.81 views

K51663510: Apache Tomcat vulnerability CVE-2016-5388

Security Advisory Description Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect ...

8.1CVSS6.7AI score0.50896EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.35 views

K22113131: BIG-IP TMM Ram Cache vulnerability CVE-2020-5861

Security Advisory Description The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. RAM Cache is a BIG-IP feature used to accelerate HTTP traffic and can be enabled in a Web Acceleration profile. CVE-2020-5861 Impact The...

7.5CVSS7.3AI score0.01044EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.73 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...

8.1CVSS8AI score0.55724EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.4 views

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud useroidc 1.2.1, which stems from the fact that sensitive information such as OIDC client...

4.3CVSS5AI score0.0042EPSS
Exploits0References4
NVD
NVD
added 2022/07/21 4:15 p.m.30 views

CVE-2022-28861

The server in Citilog 8.0 allows an attacker in a man in the middle position between the server and its smart camera Axis M1125 to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server...

5.9CVSS0.00419EPSS
Exploits0References3
Prion
Prion
added 2022/07/21 4:15 p.m.15 views

Command injection

The server in Citilog 8.0 allows an attacker in a man in the middle position between the server and its smart camera Axis M1125 to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server...

2.6CVSS5.7AI score0.00419EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/07/21 12:0 a.m.63 views

CVE-2022-28861

Citilog 8.0 is affected. The vulnerability arises in the server component that communicates with the Axis M1125 camera, enabling a man-in-the-middle adversary to observe FTP credentials in cleartext HTTP traffic between the server and the camera. Impact is credential exposure enabling FTP access ...

5.9CVSS5.7AI score0.00419EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder