676 matches found

CNNVD
added 2024/05/01 12:0 a.m., 12 views

Number withdrawn

Tinyproxy is a small, efficient HTTP/SSL proxy daemon from Tinyproxy Open Source. This CVE number has been withdrawn...

AI score: 5.4
Exploits: 0, References: 2
OSSF Malicious Packages
added 2024/04/02 12:7 a.m., 5 views

Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)

Source: ghsa-malware 69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 3
CNNVD
added 2024/03/10 12:0 a.m., 2 views

Ladder Security Breach

Ladder is a web proxy that helps bypass paywalls. A security vulnerability exists in Ladder version v0.0.21, which stems from an inability to apply sufficient default restrictions to target addresses. An attacker exploiting the vulnerability could access private address ranges, local listening...

CVSS: 7.5, AI score: 6.5, EPSS: 0.02718
Exploits: 3, References: 5
OSV
added 2024/03/06 7:15 p.m., 2 views

DEBIAN-CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

CVSS: 7.5, AI score: 7.8, EPSS: 0.65254
Exploits: 0, References: 1
NVD
added 2024/03/06 7:15 p.m., 15 views

CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

CVSS: 8.6, AI score: 8.2, EPSS: 0.65254
Exploits: 0, References: 6
UbuntuCve
added 2024/03/06 7:15 p.m., 36 views

CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

CVSS: 8.6, AI score: 7.1, EPSS: 0.65254
Exploits: 0, References: 5
CVE
added 2024/03/06 6:14 p.m., 268 views

CVE-2024-25111

Squid (web proxy cache) is affected by CVE-2024-25111. Affected versions are 3.5.27 up to, but not including, 6.8; the issue is an uncontrolled recursion in the HTTP Chunked decoder that can cause a remote DoS when processing crafted chunked HTTP messages. The vulnerability is fixed in Squid vers...

CVSS: 8.6, AI score: 8.3, EPSS: 0.65254
Exploits: 0, References: 6, Affected Software: 1
AlpineLinux
added 2024/03/06 6:14 p.m., 31 views

CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

CVSS: 8.6, AI score: 6.7, EPSS: 0.65254
Exploits: 0, References: 6
Debian CVE
added 2024/03/06 6:14 p.m., 39 views

CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

CVSS: 8.6, AI score: 8.5, EPSS: 0.65254
Exploits: 0
OSV
added 2024/03/06 10:54 a.m., 25 views

BIT-GRAFANA-2022-39324 Grafana vulnerable to spoofing originalUrl of snapshots

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

CVSS: 6.7, AI score: 5.2, EPSS: 0.00828
Exploits: 0, References: 7
Ubuntu
added 2024/01/23 3:5 a.m., 52 views

USN-6594-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2023-49285 Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote...

CVSS: 8.6, AI score: 7.7, EPSS: 0.88818
Exploits: 0
VulnCheck KEV
added 2024/01/22 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVSS: 9, AI score: 7.3, EPSS: 0.82165
Exploits: 4, References: 1
RedHat Linux
added 2023/12/12 4:27 p.m., 1 views

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

CVSS: 5.9, AI score: 7.1, EPSS: 0.02511
Exploits: 1, References: 5
AlpineLinux
added 2023/12/04 10:53 p.m., 32 views

CVE-2023-49286

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There a...

CVSS: 8.6, AI score: 6.9, EPSS: 0.10352
Exploits: 0
VulnCheck KEV
added 2023/12/01 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

CVSS: 9.8, AI score: 7.4, EPSS: 0.93967
Exploits: 7, References: 1
Fortinet
added 2023/10/10 12:0 a.m., 23 views

Protect

A use after free vulnerability CWE-416 in FortiOS & FortiProxy may allow an unauthenticated remote attacker to crash the Web Proxy process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection...

CVSS: 5, AI score: 7.2, EPSS: 0.0102
Exploits: 0, Affected Software: 2
Tenable Nessus
added 2023/10/10 12:0 a.m., 25 views

Fortinet Fortigate Webproxy process DoS (FG-IR-23-184)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-184 advisory. - A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiPro...

CVSS: 5.3, AI score: 5.7, EPSS: 0.0102
Exploits: 0, References: 2
Richard Bejtlich's blog
added 2023/06/25 4:23 p.m., 17 views

Key Network Questions

I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about a network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather...

AI score: 7
Exploits: 0
RedHat Linux
added 2023/06/05 12:30 p.m., 6 views

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

CVSS: 5.9, AI score: 7.1, EPSS: 0.02511
Exploits: 1, References: 5
RedHat Linux
added 2023/05/16 9:2 a.m., 4 views

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

CVSS: 5.9, AI score: 7.1, EPSS: 0.02511
Exploits: 1, References: 5