Lucene search
K

166 matches found

OSV
OSV
added 2021/02/08 8:15 p.m.4 views

UBUNTU-CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.1AI score0.03876EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2021/02/08 12:0 a.m.21 views

PT-2021-6101

Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.19.0 Description A malicious server which responds with long series of xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.8CVSS6.8AI score0.03876EPSS
Exploits1References52
RedHat Linux
RedHat Linux
added 2020/02/19 7:36 a.m.56 views

curl: HTTP authentication leak in redirects

It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities...

9.8CVSS7.3AI score0.08031EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.08031EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/01/16 11:30 a.m.82 views

LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol

LOLBITS is a C reverse shell that uses Microsoft's Background Intelligent Transfer Service BITS to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP requests receive...

8.2AI score
Exploits0References5
CNVD
CNVD
added 2019/12/05 12:0 a.m.4 views

D-Link DAP-1860 Remote Code Execution Vulnerability

The D-Link DAP-1860 is a WiFi range extender from AUO D-Link of Taiwan, China. A remote code execution vulnerability exists in the D-Link DAP-1860. The vulnerability can be exploited by an attacker to execute arbitrary code with root privileges with the help of shell metacharacters in the HNAPAUT...

8.8CVSS8.7AI score0.20799EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/06/18 7:8 p.m.39 views

curl: HTTP authentication leak in redirects

It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities...

9.8CVSS7.3AI score0.08031EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/04/30 12:0 a.m.4 views

The vulnerability of the libcurl library, caused by buffer overflows in the stack, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Curlauthcreatentlmtype3message function, which creates the NTLM type-3 header lib/vauth/ntlm.c, from the libcurl library, is due to a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

10CVSS7.5AI score0.12771EPSS
Exploits1References3Affected Software4
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.42 views

EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification...

9.8CVSS7.1AI score0.08031EPSS
Exploits1References7
OSV
OSV
added 2019/03/26 1:29 a.m.5 views

CVE-2019-7714

An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow...

9.8CVSS6.2AI score0.02128EPSS
Exploits1References2
OSV
OSV
added 2019/02/06 8:29 p.m.3 views

DEBIAN-CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header lib/vauth/ntlm.c:Curlauthcreatentlmtype3message, generates the request HTTP header contents based on previously received data. The check that exists ...

9.8CVSS6.6AI score0.12771EPSS
Exploits1References1
Veracode
Veracode
added 2019/01/15 9:25 a.m.35 views

Information Disclosure

System.Net.Http in rh-dotnetcore10 and rh-dotnetcore11 is vulnerable to an information disclosure. The library does not clear it's authentication headers during redirection, allowing a malicious user to use a redirect to gain access to information in the authentication header...

7.5CVSS7.4AI score0.14833EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.4 views

The vulnerability of the Cisco IOS XE operating system’s IPsec driver and the Cisco Adaptive Security Appliance network interface card software allows a attacker to trigger a device reboot.

The vulnerability of the Cisco IOS XE operating system and Cisco Adaptive Security Appliance network interface software’s IPsec driver is related to errors in the processing of IPsec authentication header AH packets or encapsulated payload ESP packets. Exploiting this vulnerability can allow a...

8.6CVSS7.5AI score0.16221EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2018/11/13 8:36 a.m.6 views

curl: HTTP authentication leak in redirects

It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities...

9.8CVSS7.3AI score0.08031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/10/30 2:57 p.m.77 views

curl: HTTP authentication leak in redirects

It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities...

9.8CVSS7.3AI score0.08031EPSS
Exploits0References5
CNVD
CNVD
added 2018/10/10 12:0 a.m.9 views

Linux kernel denial of service vulnerability (CNVD-2018-20469)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 4.14.67, which stems from a program that incorrectly handles interactions between XFRM Netlink messages,...

4.9CVSS4.5AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2018/10/08 5:29 p.m.6 views

UBUNTU-CVE-2018-17977

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTOAH packets, and IPPROTOIP packets, which allows local users to cause a denial of service memory consumption and system hang by leveraging root access to execute crafted applications, as demonstrated on...

4.4CVSS6.2AI score0.00379EPSS
Exploits0References4
OSV
OSV
added 2018/10/08 5:29 p.m.4 views

DEBIAN-CVE-2018-17977

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTOAH packets, and IPPROTOIP packets, which allows local users to cause a denial of service memory consumption and system hang by leveraging root access to execute crafted applications, as demonstrated on...

4.4CVSS8AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2018/10/05 2:29 p.m.4 views

CVE-2018-0472

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...

8.6CVSS5.8AI score0.16221EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2018/01/24 8:19 a.m.41 views

CVE-2018-1000007

It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities. Mitigation By default, curl and libcurl will not follow redirect requests. This flaw happens onl...

9.8CVSS0.1AI score0.08031EPSS
Exploits0References2
Rows per page
Query Builder