1664 matches found
Cisco RV110W/RV130W/RV215W Routers HTTP Request Buffer Overflow Vulnerability (CNVD-2016-04097 )
The Cisco RV130W Wireless-N is a multifunction VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall features. The Cisco RV110W/RV130W/RV215W routers have an HTTP request buffer overflow vulnerability that allows an unauthenticated,...
Trend Micro Worry-Free Business Security and Worry-Free Business Security Services HTTP Header Injection Vulnerability
Trend Micro Worry-Free Business Security and Worry-Free Business Security Services are both antivirus programs from Trend Micro. An HTTP header injection vulnerability exists in Trend Micro Worry-Free Business Security version 9.0 and Worry-Free Business Security Services version 5.x, which can b...
squid: Header Smuggling issue in HTTP Request processing
An input validation flaw was found in Squid's mimegetheaderfield function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid...
squid: Cache poisoning issue in HTTP Request handling
An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid...
Apple iOS/watchOS and OS X El Capitan MapKit Sensitive Information Disclosure Vulnerability
Apple iOS is an operating system on Apple's cell phones. oS X El Capitan is a specialized operating system developed for Mac computers. watchOS is a smartwatch operating system. Apple iOS\watchOS and OS X El Capitan's MapKit fails to properly handle HTTP and HTTPS requests, allowing an attacker t...
Microsoft Windows HTTP.sys Denial of Service Vulnerability
Microsoft Windows 10 is a set of next-generation cross-platform operating systems released by the U.S.-based Microsoft Corporation Microsoft for PCs and laptops, tablets, and cell phones, among other devices. A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys in...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to gain access to read the files.
The vulnerability of the Cisco Firepower Extensible Operating System is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to files through a specially crafted HTTP request...
The vulnerability of the Internet Explorer browser, which allows a hacker to bypass the protection against cross-site scripting attacks
The vulnerability of the Internet Explorer browser is caused by errors in the processing of HTTP responses. Exploiting this vulnerability allows a malicious actor to bypass security measures against cross-site scripting attacks from a remote location...
The vulnerability of the Firefox browser, which allows a violator to trigger a service failure
The vulnerability in the implementation of the HTTP/2 protocol in Firefox browsers arises from the loss of precision in calculations. Exploiting this vulnerability allows a malicious actor to cause a service failure—the appearance of an error message indicating “Assertion failure” or an emergency...
The vulnerability of the Firefox browser, which allows a violator to trigger a service failure
The vulnerability of the Firefox browser’s HTTP/2 implementation arises from the loss of a significant number of bits. Exploiting this vulnerability allows an attacker to cause a service failure remotely by triggering a “Assertion failure” error message and a premature termination of the service...
Mozilla Firefox HTTP Authentication Information Disclosure Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox uses NTLM v1 to perform HTTP authentication with a security vulnerability that allows remote attackers to build specially crafted Web sites to trick users into parsing for sensitive domain information...
Cisco Email Security Appliance File Descriptor System Overload Vulnerability
The Cisco Email Security Appliance is a widely used email encryption gateway that seamlessly encrypts, decrypts, and digitally signs confidential email. A security vulnerability exists in the Cisco Email Security Appliance that allows remote attackers to exploit the vulnerability by submitting a...
UBUNTU-CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
Oracle E-Business Suite suffers from a remote vulnerability (CNVD-2015-02472)
Oracle E-Business Suite is a new generation of e-business suite from Oracle. A remote security vulnerability exists in Oracle E-Business Suite. It allows attackers to exploit this vulnerability to compromise the 'Configurator DMZ rules' subcomponent in the 'HTTP' protocol...
Apple Mac OS X/iOS CFNetwork HTTPProtocol Cross Domain COOKIE Disclosure Vulnerability
Apple Mac OS X is an operating system developed by Apple Inc. Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A cross-domain COOKIE disclosure vulnerability in the Apple Mac OS X/iOS CFNetwork HTTPProtocol handling redirection allows attackers to explo...
SerVision HVG Video Gateway devices with firmware elevation of privilege vulnerability
SerVision HVG Video Gateway is an intelligent video gateway product from SerVision Israel. An elevation of privilege vulnerability exists in SerVision HVG Video Gateway devices with firmware. It allows an authenticated remote user to gain privileges by exploiting a cookie received in an HTTP...
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
Siemens Scalance X Switches are switching devices developed by Siemens. The Siemens Scalance X Switches 'HTTP' request denial of service vulnerability allows an attacker to reboot the affected device and deny service to legitimate users...
Oracle Transportation Management Remote Vulnerability (CNVD-2015-00483)
Oracle Transportation Manager is a transportation management system developed by Oracle Corporation. A remote vulnerability in Oracle Transportation Management allows attackers to exploit the 'HTTP' protocol to compromise the 'UI Infrastructure' subcomponent...
Privoxy Denial of Service Vulnerability
Privoxy is a proxy server with filtering for HTTP and HTTPS protocols, often used in combination with Tor. A denial of service vulnerability exists in Privoxy that allows remote attackers to launch denial of service attacks via unspecified vectors...
Oracle Transportation Management Remote Vulnerability (CNVD-2015-00482)
Oracle Transportation Manager is a transportation management system developed by Oracle Corporation. A remote vulnerability in Oracle Transportation Management allows attackers to exploit the 'HTTP' protocol to compromise the 'UI Infrastructure' subcomponent...