
656 matches found

RedHat Linux
added 2022/01/12 12:8 p.m. | 2 views

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

CVSS 6.5 | AI score 7.3 | EPSS 0.00679
Exploits: 1 | References: 6

RedHat Linux
added 2022/01/12 11:48 a.m. | 1 view

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

CVSS 6.5 | AI score 7.3 | EPSS 0.00679
Exploits: 1 | References: 6

OSV
added 2022/01/11 9:15 p.m. | 2 views

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

CVSS 9.8 | AI score 7.6 | EPSS 0.9279
Exploits: 21 | References: 3

OSV
added 2022/01/01 5:15 a.m. | 0 views

DEBIAN-CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

CVSS 7.5 | AI score 6.2 | EPSS 0.03958
Exploits: 0 | References: 1

BDU FSTEC
added 2021/12/01 12:0 a.m. | 6 views

The vulnerability of the Oracle Reports Developer component of the Oracle Fusion Middleware software platform allows attackers to influence the integrity and confidentiality of the protected information.

The vulnerability of the Oracle Reports Developer component of the Oracle Fusion Middleware software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to influence the integrity and confidentiality of protected information through the use of the...

CVSS 6.5 | AI score 8 | EPSS 0.98695
Exploits: 11 | References: 8 | Affected Software: 1

BDU FSTEC
added 2021/11/25 12:0 a.m. | 3 views

The vulnerability of the implementation of the HTTP or FTP protocol in the console-based graphic editor ImageMagick allows an attacker to perform an SSRF attack.

The vulnerability of the HTTP or FTP protocol implementation of the console-based graphic editor ImageMagick is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to carry out an SSRF attack...

CVSS 7.4 | AI score 6.2 | EPSS 0.76897
Exploits: 4 | References: 21 | Affected Software: 17

CNNVD
added 2021/11/07 12:0 a.m. | 5 views

IBM QRadar Network Security security vulnerability

IBM QRadar Network Security is a network security manager from IBM USA, Inc. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A security...

CVSS 5.9 | AI score 5.6 | EPSS 0.01283
Exploits: 0 | References: 5

OSV
added 2021/11/03 1:15 a.m. | 1 view

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

CVSS 8.1 | AI score 7.4 | EPSS 0.00885
Exploits: 0 | References: 2

CNNVD
added 2021/10/19 12:0 a.m. | 2 views

Oracle E-Business Suite security vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Payabl...

CVSS 8.5 | AI score 8.1 | EPSS 0.01125
Exploits: 0 | References: 3

RedHat Linux
added 2021/09/23 4:26 p.m. | 3 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

CVSS 5.9 | AI score 7.1 | EPSS 0.04935
Exploits: 0 | References: 5

CNNVD
added 2021/09/15 12:0 a.m. | 2 views

libcurl resource management error vulnerability

Haxx libcurl is a free, open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and more. Haxx libcurl suffers from a resource management error vulnerability that arises from mismanagement of system resources e.g., memory, disk...

CVSS 9.1 | AI score 6.6 | EPSS 0.06216
Exploits: 1 | References: 31

OSV
added 2021/08/16 7:15 p.m. | 5 views

AZL-6744 CVE-2021-22939 affecting package nodejs for versions less than 16.14.0-1

If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

CVSS 5.3 | AI score 6.7 | EPSS 0.1473
Exploits: 1 | References: 1

OSV
added 2021/08/03 2:15 p.m. | 2 views

ALPINE-CVE-2021-36159

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...

CVSS 9.1 | AI score 6.9 | EPSS 0.02637
Exploits: 1 | References: 1

OSV
added 2021/07/21 3:15 p.m. | 3 views

CVE-2021-2419

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVSS 7.5 | AI score 7.1 | EPSS 0.01142
Exploits: 0 | References: 1

RedHat Linux
added 2021/07/13 12:59 p.m. | 1 view

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

CVSS 5.9 | AI score 7.1 | EPSS 0.04935
Exploits: 0 | References: 5

CNNVD
added 2021/07/13 12:0 a.m. | 3 views

Varnish Cache environment issue vulnerability

Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Enterprise, which arises from an HTTP/2-enabled Varnish Cache that allows request smuggling and VCL authorization bypass via large Content-Length headers in POST requests. The following products an...

CVSS 6.5 | AI score 6.7 | EPSS 0.01599
Exploits: 0 | References: 19

BDU FSTEC
added 2021/06/15 12:0 a.m. | 3 views

The vulnerability of the User Interface component of Oracle Incentive Compensation (OIC) system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the User Interface component of the Oracle Incentive Compensation system for corporate clients relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information usi...

CVSS 8.5 | AI score 6.8 | EPSS 0.00931
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/06/11 4:15 p.m. | 4 views

CVE-2021-22765

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet...

CVSS 9.8 | AI score 7.8 | EPSS 0.02708
Exploits: 0 | References: 1

BDU FSTEC
added 2021/06/02 12:0 a.m. | 4 views

The vulnerability of the View Reports component in the Oracle Applications Manager management tool allows a hacker to gain access to create, modify, or delete data.

The vulnerability of the View Reports component in the Oracle Applications Manager management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to the ability to create, modify, or delete data using the HTTP protocol...

CVSS 8.5 | AI score 6.7 | EPSS 0.00968
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/06/02 12:0 a.m. | 4 views

The vulnerability of the Attachments component of the Oracle Document Management and Collaboration software allows a hacker to access, create, modify, or delete data.

The vulnerability of the Attachments component of the Oracle Document Management and Collaboration software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to the ability to create, modify, or delete data using the HTTP protocol...

CVSS 7.6 | AI score 6.7 | EPSS 0.00812
Exploits: 0 | References: 3 | Affected Software: 1