Lucene search
K

133 matches found

CNVD
CNVD
added 2019/10/15 12:0 a.m.1 views

IBM Cloud Private Injection Vulnerability

IBM Cloud Private is a set of enterprise private cloud solutions from IBM USA. The product is built primarily on Kubernetes and container technology. IBM Cloud Private suffers from an injection vulnerability. An attacker can exploit this vulnerability to inject arbitrary HTTP headers, which can b...

5.4CVSS7.1AI score0.0105EPSS
Exploits0References1
ClickHouse
ClickHouse
added 2019/09/20 12:0 a.m.11 views

CVE-2019-18657

Table function url had the vulnerability allowed the attacker to inject arbitrary HTTP headers in the request. Nikita Tikhomirov...

5.3CVSS5.6AI score0.01466EPSS
Exploits0
OSV
OSV
added 2019/08/28 2:0 p.m.3 views

UBUNTU-CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...

7.5CVSS7.1AI score0.0461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/08/06 1:22 p.m.3 views

nodejs: Denial of Service with large HTTP headers

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS6.7AI score0.10207EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.5 views

The vulnerability of the network software tool Envoy, related to errors in analyzing HTTP headers, allows a hacker to gain access to protected data.

The vulnerability of the network software tool Envoy is related to errors in analyzing HTTP headers. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected data without going through the authentication mechanism...

8.3CVSS6.9AI score0.03732EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/04/12 12:0 a.m.4 views

The numerous vulnerabilities in the FortiOS operating system, related to the lack of protection for service data, allow attackers to disclose the protected information.

The multiple vulnerabilities of the FortiOS operating system are related to the lack of protection for service data. Exploiting these vulnerabilities can allow a malicious actor to disclose sensitive information by analyzing HTTP headers, certificates, and error messages...

5.3CVSS5.5AI score
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2018/11/29 9:56 a.m.6 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

5.3CVSS7.2AI score0.0576EPSS
Exploits0References5
CNVD
CNVD
added 2018/08/07 12:0 a.m.3 views

Sensio Labs Symfony Security Bypass Vulnerability (CNVD-2018-21473)

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security bypass vulnerability exists in Http Foundation ...

6.5CVSS7AI score0.58061EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/12/04 12:0 a.m.6 views

The vulnerability of the implementation of the direct authentication service for microprogramming software in Cisco Adaptive Security Appliance (ASA) allows a attacker to cause a service failure.

The vulnerability of the direct authentication service for microprogramming software in Cisco Adaptive Security Appliance ASA devices is related to insufficient checking of HTTP request headers. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot and a service...

7.8CVSS7.6AI score0.06541EPSS
Exploits0References4Affected Software9
CNVD
CNVD
added 2017/07/20 12:0 a.m.4 views

MetInfo cross-site scripting vulnerability (CNVD-2017-25435)

MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo version 5.3.17. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via Client-IP or X-Forwarded-For HTTP packet headers...

6.1CVSS6AI score0.00802EPSS
Exploits1References1
OSV
OSV
added 2017/05/17 9:29 p.m.3 views

CVE-2017-4011

Embedding Script XSS in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request...

6.1CVSS5.8AI score0.03271EPSS
Exploits0References2
OSV
OSV
added 2017/05/17 9:29 p.m.5 views

CVE-2017-4016

Web Server method disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...

5.3CVSS5.8AI score0.01049EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/01/31 5:53 a.m.6 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.04707EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/31 5:52 a.m.5 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.04544EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/31 5:52 a.m.5 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.0413EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/31 5:52 a.m.7 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.0413EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/31 5:52 a.m.6 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.04707EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/31 5:52 a.m.6 views

snoopy: incomplete fixes for command execution flaws

Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...

9.8CVSS6.1AI score0.0413EPSS
Exploits0References4
OSV
OSV
added 2016/06/24 5:59 p.m.3 views

CVE-2016-5722

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network...

7.3CVSS5.8AI score0.00715EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/31 12:0 a.m.3 views

Cisco Firepower System Software Security Bypass Vulnerability

Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco. A security bypass vulnerability exists in the malicious file detection and blocking feature of Cisco Firepower System Software. As the program fails to properly validate fields in the HTTP header. A remote...

7.5CVSS6.9AI score0.01399EPSS
Exploits0References1
Rows per page
Query Builder