Lucene search
K

1664 matches found

CNVD
CNVD
added 2015/01/21 12:0 a.m.3 views

Oracle Transportation Management Remote Vulnerability (CNVD-2015-00480)

Oracle Transportation Manager is a transportation management system developed by Oracle Corporation. A remote vulnerability in Oracle Transportation Management allows attackers to exploit the 'HTTP' protocol to compromise the 'Security' subcomponent...

6.8CVSS6.8AI score0.0133EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/21 12:0 a.m.6 views

Oracle Database Server Remote Vulnerability (CNVD-2015-00490)

Oracle Database is a large database of commercial nature. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Valid account' privileges using the 'HTTP' protocol...

6.8CVSS7.1AI score0.03528EPSS
Exploits1References1
CNVD
CNVD
added 2015/01/21 12:0 a.m.4 views

Oracle Transportation Management Remote Vulnerability (CNVD-2015-00481)

Oracle Transportation Manager is a transportation management system developed by Oracle Corporation. A remote vulnerability in Oracle Transportation Management allows attackers to exploit the 'HTTP' protocol to compromise the 'Security' subcomponent...

5CVSS6.8AI score0.01659EPSS
Exploits0References1
OSV
OSV
added 2014/04/22 2:23 p.m.3 views

UBUNTU-CVE-2014-2892

Heap-based buffer overflow in the getanswer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP MMSH server response...

7.5CVSS6.4AI score0.06147EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2014/04/17 12:23 p.m.6 views

SSL/TLS CRIME attack against HTTPS

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

2.6CVSS6.7AI score0.04266EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2014/03/31 4:31 p.m.6 views

wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)

The httppayloadsubdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service stack consumption via a...

5CVSS5.9AI score0.03298EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/04/16 6:51 p.m.6 views

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

5.8CVSS7.4AI score0.08157EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/04 9:5 p.m.5 views

SSL/TLS CRIME attack against HTTPS

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

2.6CVSS6.7AI score0.04266EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/02/19 10:51 p.m.7 views

Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...

4CVSS7.4AI score0.013EPSS
Exploits0References5
OSV
OSV
added 2013/01/04 11:52 a.m.3 views

DEBIAN-CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

5CVSS7AI score0.03032EPSS
Exploits0References1
OSV
OSV
added 2012/03/12 9:55 p.m.2 views

UBUNTU-CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

5CVSS5.7AI score0.01133EPSS
Exploits0References2
OSV
OSV
added 2012/02/16 8:55 p.m.3 views

UBUNTU-CVE-2011-3022

translate/translatemanager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network...

5CVSS7.3AI score0.0077EPSS
Exploits0References2
OSV
OSV
added 2011/11/30 4:5 a.m.6 views

DEBIAN-CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS9AI score0.52531EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2011/10/18 11:19 p.m.6 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2011/08/31 10:43 p.m.10 views

httpd: multiple ranges DoS

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS7.3AI score0.98945EPSS
Exploits17References4
RedHat Linux
RedHat Linux
added 2010/04/27 3:55 a.m.5 views

JBoss EAP jmx authentication bypass with crafted HTTP request

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...

5.3CVSS6.5AI score0.79415EPSS
Exploits28References6
curl security advisories
curl security advisories
added 2010/02/09 8:0 a.m.6 views

data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

6.8CVSS7.5AI score0.04408EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2008/11/13 2:4 a.m.4 views

Mozilla buffer overflow in http-index-format parser

The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an...

9.3CVSS6.6AI score0.07677EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2008/10/13 8:0 p.m.3 views

CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request...

10CVSS6.4AI score0.08439EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2007/11/07 9:0 a.m.4 views

Wireshark crashes when inspecting HTTP traffic

Wireshark before 0.99.6 allows remote attackers to cause a denial of service crash via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload...

5CVSS5.9AI score0.16258EPSS
Exploits2References4
Rows per page
Query Builder