Lucene search
+L

1696 matches found

RedHat Linux
RedHat Linux
added 2013/02/19 10:51 p.m.7 views

Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...

4CVSS7.4AI score0.013EPSS
Exploits0References5
OSV
OSV
added 2013/01/04 11:52 a.m.5 views

DEBIAN-CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

5CVSS7AI score0.03032EPSS
Exploits0References1
OSV
OSV
added 2012/03/12 9:55 p.m.3 views

UBUNTU-CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

5CVSS5.7AI score0.01121EPSS
Exploits0References2
OSV
OSV
added 2012/02/16 8:55 p.m.3 views

UBUNTU-CVE-2011-3022

translate/translatemanager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network...

5CVSS7.3AI score0.00776EPSS
Exploits0References2
OSV
OSV
added 2011/11/30 4:5 a.m.8 views

DEBIAN-CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS9AI score0.50604EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2011/10/18 11:19 p.m.6 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2011/08/31 10:43 p.m.11 views

httpd: multiple ranges DoS

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS7.3AI score0.98945EPSS
Exploits17References4
RedHat Linux
RedHat Linux
added 2010/04/27 3:55 a.m.5 views

JBoss EAP jmx authentication bypass with crafted HTTP request

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...

5.3CVSS6.5AI score0.79415EPSS
Exploits28References6
curl security advisories
curl security advisories
added 2010/02/09 8:0 a.m.8 views

data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

6.8CVSS7.5AI score0.04408EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2008/11/13 2:4 a.m.5 views

Mozilla buffer overflow in http-index-format parser

The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an...

9.3CVSS6.6AI score0.07677EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2008/10/13 8:0 p.m.3 views

CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request...

10CVSS6.4AI score0.08439EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2007/11/07 9:0 a.m.5 views

Wireshark crashes when inspecting HTTP traffic

Wireshark before 0.99.6 allows remote attackers to cause a denial of service crash via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload...

5CVSS5.9AI score0.16258EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2006/07/20 1:41 p.m.5 views

security flaw

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via 1 invalid HTTP response headers with spaces...

2.6CVSS5.8AI score0.01766EPSS
Exploits0References4
RubySec
RubySec
added 2006/04/20 12:0 a.m.2 views

Ruby http/xmlrpc server DoS

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service blocked connections via a large amount of data...

5CVSS5.3AI score0.10192EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

Secure HyperText Transfer Protocol (S-HTTP) Detection

Detection of services supporting the Secure HyperText Transfer Protocol S-HTTP. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only nb: Vulnerabili...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2005/06/14 7:40 p.m.7 views

security flaw

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the httpaccess configuration, which could lead to less restrictive ACLs than intended by the administrator...

7.5CVSS5.8AI score0.01727EPSS
Exploits0References4
Rows per page
Query Builder