Lucene search
+L

670 matches found

nessus
nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-17420

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a...

5.3CVSS6.2AI score0.01355EPSS
Exploits0References2
nessus
nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-6794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends...

5.3CVSS6.1AI score0.24712EPSS
Exploits4References2
nessus
nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-5168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different...

10CVSS8.1AI score0.02411EPSS
Exploits0References2
githubexploit
githubexploit
added 2025/08/21 9:20 p.m.269 views

Exploit for CVE-2025-8671

PoC-CVE-2025-8671-MadeYouReset-HTTP-2 PoC para validar vulnera...

7.5CVSS7.2AI score0.0351EPSS
Exploits3
cnvd
cnvd
added 2025/08/20 12:0 a.m.2 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...

7.5CVSS6.5AI score0.03514EPSS
Exploits0References1
nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-47118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issu...

9.8CVSS7AI score0.00462EPSS
Exploits0References2
suse
suse
added 2025/08/15 12:51 p.m.9 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344. CVE-2024-12224...

7.5CVSS7.9AI score0.01121EPSS
Exploits2References26
nessus
nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-49630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References2
nessus
nessus
added 2025/08/14 12:0 a.m.13 views

F5 Networks BIG-IP : HTTP/2 vulnerability (K000152001)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000152001 advisory. An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2...

6.9CVSS6.1AI score0.00475EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/13 12:0 a.m.4 views

F5 BIG-IP APM 安全漏洞

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM that stems from an HTTP/2 implementation flaw that could lead to a denial-of-service attack...

6.9CVSS6.6AI score0.00475EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2025/08/13 12:0 a.m.13 views

The vulnerability of the HTTPS protocol implementation in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the HTTPS protocol’s implementation in macOS systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

10CVSS5.5AI score0.00717EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2025/08/13 12:0 a.m.13 views

Apache Tomcat 10.1.0.M1 < 10.1.44

The version of Tomcat installed on the remote host is prior to 10.1.44. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.44security-10 advisory. - Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically...

7.5CVSS7AI score0.03514EPSS
Exploits0References3
cnvd
cnvd
added 2025/07/25 12:0 a.m.1 views

Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability

Cisco Unified Intelligence Center is the United States Cisco Cisco company's set of Web-based reporting platform. The platform provides reports related to business data and call center data presentation capabilities. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...

5.8CVSS6.9AI score0.00323EPSS
Exploits0
osv
osv
added 2025/07/23 9:15 p.m.4 views

UBUNTU-CVE-2025-53537

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set suricata.yaml...

7.5CVSS5.8AI score0.0042EPSS
Exploits0References5
osv
osv
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS5.8AI score0.00217EPSS
Exploits0References5
redhat
redhat
added 2025/06/25 12:20 p.m.7 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
ossf
ossf
added 2025/06/25 3:46 a.m.4 views

Malicious code in aog-checker (npm)

Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...

7.1AI score
Exploits0References2
cnnvd
cnnvd
added 2025/06/25 12:0 a.m.21 views

Brother Industries Multiple driver installers for Windows 安全漏洞

Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to access the /etc/mntinfo.csv path vi...

5.3CVSS8.1AI score0.77472EPSS
Exploits0References11
redhat
redhat
added 2025/06/17 12:8 p.m.5 views

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7.3AI score0.00847EPSS
Exploits0References5
osv
osv
added 2025/06/17 12:15 a.m.5 views

CVE-2025-6146

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...

8.7CVSS6.4AI score0.01057EPSS
Exploits1References6
Rows per page
Query Builder