Lucene search
+L

130 matches found

CVE
CVE
added 2021/12/03 5:0 p.m.53 views

CVE-2021-29719

CVE-2021-29719 affects IBM Cognos Analytics 11.1.7 and 11.2.0, stemming from a web response that specifies an incorrect content type. This could enable client‑side exploits. IBM’s advisories note official fixes in IBM Cognos Analytics 11.2.1 and 11.1.7 Fix Pack 4 (FP4); upgrade to 11.2.1 or apply...

5.3CVSS5.4AI score0.01204EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/12/03 5:0 p.m.22 views

CVE-2021-29719

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091...

5.3CVSS5.2AI score0.01204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/12/03 12:0 a.m.3 views

PT-2021-18430 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.0 Description: The issue is related to client-side vulnerabilities due to a web response specifying an incorrect content type. Recommendations: For IBM Cognos Analytics versions 11.1.7 through...

5.3CVSS5.5AI score0.01204EPSS
Exploits0References5
OSV
OSV
added 2021/08/13 4:15 p.m.3 views

CVE-2021-32067

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization...

6.5CVSS6.6AI score0.00672EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/28 12:0 a.m.2 views

Squid 输入验证错误漏洞

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid versions prior to 4.15 and versions 5.x through 5.0.6 that allows remote...

6.5CVSS6.9AI score0.79583EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.7 views

The vulnerability of the is_hdr_criteria_matches function in the BIG-IP Advanced Web Application Firewall (AWAF) virtual server allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the ishdrcriteriamatches function in the BIG-IP Advanced Web Application Firewall AWAF virtual server lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary cod...

9CVSS8.8AI score0.72711EPSS
Exploits1References3Affected Software14
OSV
OSV
added 2021/01/26 6:15 p.m.4 views

CVE-2020-27539

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...

9.8CVSS7.6AI score0.01261EPSS
Exploits1References1
OSV
OSV
added 2021/01/04 2:15 p.m.6 views

CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288...

4.4CVSS6AI score0.00302EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/09/07 1:5 p.m.7 views

resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class

A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...

7.5CVSS5.7AI score0.02023EPSS
Exploits0References4
OSV
OSV
added 2020/05/19 3:15 p.m.2 views

UBUNTU-CVE-2020-1695

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to...

7.5CVSS7AI score0.02023EPSS
Exploits0References5
OSV
OSV
added 2020/05/06 5:15 p.m.3 views

CVE-2020-3315

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP...

5.3CVSS6.3AI score0.02156EPSS
Exploits0References3
CNVD
CNVD
added 2020/03/13 12:0 a.m.4 views

Unspecified Vulnerability in ABB eSOMS (CNVD-2020-19561)

ABB eSOMS is a plant operations management system from ABB Switzerland. ABB eSOMS contains a security vulnerability that originates from not setting a security flag in the HTTP response header, which can be exploited by an attacker to obtain cookie information...

3.5CVSS6.8AI score0.00517EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/31 12:0 a.m.6 views

ClipSoft REXPERT Information Disclosure Vulnerability

ClipSoft REXPERT is a report generation program from ClipSoft Korea. An information disclosure vulnerability exists in ClipSoft REXPERT. An attacker can exploit the vulnerability to disclose a user's name via the session file path of HTTP response data...

5.3CVSS6.2AI score0.0093EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/28 12:0 a.m.6 views

IBM Cloud Orchestrator HTTP Response Splitting Vulnerability (CNVD-2019-39202)

IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. An...

5.4CVSS6.3AI score0.00561EPSS
Exploits0References1
OSV
OSV
added 2019/10/02 7:15 p.m.5 views

CVE-2019-15259

A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...

6.1CVSS6.3AI score0.01057EPSS
Exploits0References1
OSV
OSV
added 2019/07/16 5:15 p.m.6 views

CVE-2019-13383

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response...

5.3CVSS6.3AI score0.14241EPSS
Exploits5References3
BDU FSTEC
BDU FSTEC
added 2018/04/12 12:0 a.m.4 views

The vulnerability of the php_stream_url_wrap_http_ex function in the PHP interpreter allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the phpstreamurlwraphttpex function located in ext/standard/httpfopenwrapper.c in the PHP interpreter arises due to an out-of-buffer operation on the stack. Exploitation of this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by usi...

9.8CVSS7.8AI score0.87606EPSS
Exploits3References11Affected Software1
OSV
OSV
added 2018/01/18 6:29 a.m.6 views

CVE-2017-12308

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

6.1CVSS6.1AI score0.00833EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/02 12:0 a.m.6 views

Circle with Disney Information Disclosure Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. An information disclosure vulnerability exists in the apid daemon in Circle with Disney version 2.0.1. The vulnerability can be exploite...

5.8CVSS5.3AI score0.01144EPSS
Exploits2References1
CVE
CVE
added 2017/07/24 3:0 p.m.55 views

CVE-2015-1847

CVE-2015-1847 concerns a directory traversal in the Appserver web request/response interface. The vulnerability affects Appserver versions before 1.0.3, allowing remote attackers to read normally inaccessible files by inserting a “..” in a crafted URL. Multiple sources (NVD, OpenVAS entry, CNVD/P...

7.5CVSS7.3AI score0.02094EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder