Lucene search
K

133 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.2 views

SUSE CVE-2006-0051

Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the httppeek function...

5.1CVSS8.3AI score0.03493EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.4 views

SUSE CVE-2006-1989

Buffer overflow in the getdatabase function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers...

5.1CVSS9.8AI score0.0581EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.3 views

SUSE CVE-2010-1197

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting XSS...

4.3CVSS8.2AI score0.0207EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.3 views

SUSE CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

5.8CVSS7.2AI score0.04632EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-4961

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...

5CVSS6.5AI score0.01799EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.4 views

SUSE CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

3.7CVSS7AI score0.02364EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...

7.4CVSS6.9AI score0.02147EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.6 views

PT-2022-22125 · Ibm · Ibm Cics Tx

Name of the Vulnerable Software and Affected Versions: IBM CICS TX version 11.1 Description: The issue concerns the failure to properly neutralize web scripting syntax in HTTP headers, which can be processed by web browser components. Recommendations: For IBM CICS TX version 11.1, update to a...

5.3CVSS5AI score0.00642EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

IBM CICS TX 安全漏洞

IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. A security vulnerability exists in IBM CICS TX version 11.1 that stems from not or incorrectly escaping Web script syntax in HTTP headers that can be used by Web browser components that ca...

5.3CVSS5.7AI score0.00642EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/07/04 12:0 a.m.9 views

The vulnerability in the implementation of the sprintf() function in the microprogramming software for DIR-890L A1 allows a hacker to execute arbitrary code.

The vulnerability of the sprintf function implementation in the microprogramming-based router software DIR-890L A1 is related to incorrect checking of string lengths in HTTP headers. Exploiting this vulnerability could allow an attacker to execute arbitrary code by connecting through port 49152...

6.3CVSS7.4AI score0.13638EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/06/07 12:0 a.m.3 views

grub2 缓冲区错误漏洞

grub2 is a Linux system boot program from the US GNU community. A buffer error vulnerability exists in grub2 that stems from an out-of-bounds write when handling split HTTP headers...

8.1CVSS7.4AI score0.01131EPSS
Exploits0References19
OSV
OSV
added 2021/05/06 4:15 p.m.1 views

DEBIAN-CVE-2021-32052

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

6.1CVSS6.6AI score0.03146EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/27 12:0 a.m.7 views

Nacos 安全漏洞

nacos is a dynamic service discovery, configuration and service management platform for Alibaba in China. The software supports both DNS-based and RPC-based service discovery, and can provide features such as delivering real-time health checks and blocking services from sending requests to...

9.8CVSS8.5AI score0.74242EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2021/04/22 12:0 a.m.4 views

PT-2021-12976 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 18.1R3-S11 Juniper Networks Junos OS versions prior to 18.2R3-S5 Juniper Networks Junos OS versions prior to 18.3R2-S4, 18.3R3-S3 Juniper Networks Junos OS versions prior to 18.4R2-S5, 18.4R3-S3...

9.3CVSS8.9AI score0.00853EPSS
Exploits0References3
OSV
OSV
added 2021/03/31 11:15 p.m.4 views

CVE-2021-28994

kopano-ical formerly zarafa-ical in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers...

7.5CVSS7.1AI score0.02049EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/31 12:0 a.m.6 views

Kopano Groupware Core 资源管理错误漏洞

Kopano Groupware Core is an application from the Dutch company Kopano. Provides Groupware features for Kopano stacks and in most cases they are the core of every Kopano environment. A denial of service vulnerability exists in Kopano Groupware Core, which can be exploited by an attacker to exhaust...

7.5CVSS5.7AI score0.02049EPSS
Exploits1References4
OSV
OSV
added 2021/01/27 1:15 p.m.2 views

CVE-2020-4815

IBM Cloud Pak for Security CP4S 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system...

5.3CVSS5.8AI score0.01284EPSS
Exploits0References2
OSV
OSV
added 2021/01/07 6:15 p.m.4 views

CVE-2020-4896

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...

6.5CVSS6.6AI score0.00812EPSS
Exploits0References2
CNVD
CNVD
added 2019/12/09 12:0 a.m.2 views

Armeria Injection Vulnerability

Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. Armeria suffers from an injection vulnerability. The vulnerability stems from a lack of proper validation of user input data by a network system or product during the course of ...

6.5CVSS7.3AI score0.00982EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 2:48 p.m.3 views

USN-4201-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. CVE-2019-15845 It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to...

8.1CVSS6.9AI score0.05128EPSS
Exploits1References5
Rows per page
Query Builder