Lucene search
+L

174 matches found

Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.4 views

PT-2023-24351 · Unknown +3 · Readymedia +3

Name of the Vulnerable Software and Affected Versions: ReadyMedia MiniDLNA versions 1.1.15 through 1.3.2 Description: The issue is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk...

9.8CVSS9.8AI score0.14458EPSS
Exploits3References49
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.7 views

SUSE CVE-2013-2028

The ngxhttpparsechunked function in http/ngxhttpparse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service crash and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...

7.5CVSS8.1AI score0.87475EPSS
Exploits15References4
Cvelist
Cvelist
added 2021/07/07 7:35 p.m.58 views

CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...

5.9CVSS9.5AI score0.01133EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2016:2305-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6AI score0.04198EPSS
Exploits0References8
Talos
Talos
added 2021/01/26 12:0 a.m.128 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

8.6CVSS7.6AI score0.01881EPSS
Exploits1
Akamai Blog
Akamai Blog
added 2020/10/12 10:0 p.m.40 views

Media Services Live Features Upgrades to Support Modern-Day Live-Streaming Needs

Media Services Live MSL is Akamai's flagship solution for preparing live streams to provide broadcast-grade streaming quality for our live-streaming customers. MSL provides purpose-built key capabilities with liveOrigin, including ingest acceleration to map encoders to optimal entry points on the...

0.9AI score
Exploits0
OSV
OSV
added 2020/09/21 3:15 p.m.6 views

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...

7.5CVSS5.8AI score0.01602EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/09/21 2:55 p.m.26 views

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...

7.5CVSS7.2AI score0.01602EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/24 12:0 a.m.36 views

Oracle Linux 7 : python-twisted-web (ELSA-2020-1561)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1561 advisory. - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling vulnderabilities Resolves: rhbz1813439 rhbz1813447 Tenable has extracted the...

9.8CVSS8.2AI score0.03973EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.296 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.4AI score0.94999EPSS
Exploits26References2
Akamai Blog
Akamai Blog
added 2018/12/18 2:45 p.m.82 views

#OTTuesday: Five Technologies Shaping the Future of OTT

The world of OTT is changing radically with new innovations, from player technologies to standards convergence, propelling the industry forward. As 2018 comes to a close, AkamaiTV sat down with DASH legend and Akamai's very own Will Law to get his pulse on the major trends and technologies that a...

0.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2017/11/16 12:0 a.m.10 views

GNU Wget fd_read_body Heap Buffer Overflow (CVE-2017-13090)

A heap buffer overflow vulnerability exists in Wget. The vulnerability is due to improper handling of HTTP responses with chunked transfer encoding within the fdreadbody function. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to make an HTTP request to the...

9.3CVSS1.6AI score0.36563EPSS
Exploits0
seebug.org
seebug.org
added 2016/11/02 12:0 a.m.59 views

Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)

IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...

7.8CVSS6.2AI score0.04301EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2016/10/12 5:7 p.m.5 views

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

5CVSS6.7AI score0.73327EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/09/15 12:0 a.m.37 views

SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1)

This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...

5CVSS6AI score0.04198EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2015/12/16 6:19 p.m.6 views

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

5CVSS6.7AI score0.73327EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/11/10 12:0 a.m.48 views

Debian Security Advisory DSA 3397-1 (wpa - security update)

Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfe...

5CVSS0.2AI score0.04198EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.27 views

Oracle: Security Advisory (ELSA-2015-0991)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.9AI score0.21045EPSS
Exploits0References2
myhack58
myhack58
added 2015/09/30 12:0 a.m.61 views

LFI with PHPInfo the local test process-bug warning-the black bar safety net

LFI with PHPInfo foreign researchers in 2 0 0 1 published in a local file comprising the use of the method, as a novice in the domestic but can not find complete study materials, after several days of research to learn and put their learning process, summarize, and share. Basics The local file...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.35 views

Amazon Linux: Security Advisory (ALAS-2015-527)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS7.1AI score0.21045EPSS
Exploits1References2
Rows per page
Query Builder