Lucene search
K

134 matches found

CNVD
CNVD
added 2016/03/31 12:0 a.m.3 views

Cisco Firepower System Software Security Bypass Vulnerability

Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco. A security bypass vulnerability exists in the malicious file detection and blocking feature of Cisco Firepower System Software. As the program fails to properly validate fields in the HTTP header. A remote...

7.5CVSS6.9AI score0.01399EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.7 views

The vulnerability of the Moodle learning management system allows a hacker to redirect users to arbitrary websites.

The vulnerability of the cleanparam function in the Moodle learning management system’s library/moodlelib.php file is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites and carry out phishing attacks through actio...

5.8CVSS7.3AI score0.01849EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/01/30 3:59 p.m.5 views

CVE-2016-1138

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...

4.7CVSS5.9AI score0.01115EPSS
Exploits0References3
OSV
OSV
added 2016/01/12 7:59 p.m.3 views

DEBIAN-CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.6CVSS7.6AI score0.07393EPSS
Exploits0References1
OSV
OSV
added 2015/12/15 12:0 a.m.5 views

UBUNTU-CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers...

5CVSS6.8AI score0.0239EPSS
Exploits0References4
CNVD
CNVD
added 2015/11/18 12:0 a.m.32 views

Piwik PHP Object Injection Vulnerability

Piwik formerly known as phpMyVisites is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'DisplayTopKeywords' function in the plugins/Referrers/Controller.php script of Piwik versions prior to 2.15.0. A remote attacker can exploit thi...

7.5CVSS8AI score0.03931EPSS
Exploits3References1
CNVD
CNVD
added 2015/09/27 12:0 a.m.4 views

Kaseya Virtual System Administrator Remote Code Execution Vulnerability

Kaseya Virtual System Administrator is a suite of IT system management platforms for simplifying and automating IT services. Kaseya Virtual System Administrator's json.ashx handles HTTP headers without restricting the destination file path, allowing remote attackers to submit a special request to...

8.8CVSS7.6AI score0.13577EPSS
Exploits7References1
RedHat Linux
RedHat Linux
added 2014/02/05 5:42 p.m.9 views

pidgin: DoS when parsing certain HTTP response headers

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service application crash via a crafted response...

5CVSS5.9AI score0.02227EPSS
Exploits0References5
OSV
OSV
added 2013/01/18 11:48 a.m.46 views

UBUNTU-CVE-2012-5875

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...

5CVSS5.8AI score0.10814EPSS
Exploits6References6
RedHat Linux
RedHat Linux
added 2009/12/23 5:33 p.m.6 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5CVSS5.9AI score0.04813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/12/08 7:9 p.m.6 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5CVSS5.9AI score0.04813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/11/16 3:44 p.m.6 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5CVSS5.9AI score0.04813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/11/09 3:4 p.m.5 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5CVSS5.9AI score0.04813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/12/18 4:12 p.m.5 views

squid: DoS in cache updates

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...

5CVSS5.8AI score0.26858EPSS
Exploits2References4
Rows per page
Query Builder