117 matches found
CVE-2023-4012 Incomplete Internal State Distinction in ntpsec
ntpd will crash if the server is not NTS-enabled no certificate and it receives an NTS-enabled client request mode 3...
CVE-2023-4012
ntpd will crash if the server is not NTS-enabled no certificate and it receives an NTS-enabled client request mode 3...
Denial Of Service (DoS)
NPTD is vulnerable to Denial Of Service DoS. The vulnerability is due when the server is not NTS-enabled no certificate, an attacker can submit a NTS-enabled client request, resulting in a server crash...
NTPsec Security Vulnerabilities
NTPsec is a more secure NTP. A security vulnerability exists in NTPsec that stems from the fact that ntpd may crash when NTS is disabled and an NTS-enabled client request mode 3 is received...
CVE-2023-36921
SAP Solution Manager Diagnostics agent - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availabilit...
Cross site request forgery (csrf)
SAP Solution Manager Diagnostics agent - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availabilit...
The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to perform arbitrary actions.
The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...
The vulnerability of the client request handler of the secure access control system used in IED RUGGEDCOM CROSSBOW allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Information Exposure
@nestjs/common, is vulnerable to information exposure. The vulnerability exists due to a lack of client request sanitization in the streamable-file.ts file, allowing an attacker to read sensitive information in the system through the DVI element...
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open...
CVE-2023-26108
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open...
K23432927: The BIG-IP ASM system may redirect a client request to an incorrect URL
Security Advisory Description The BIG-IP ASM system may redirect a client request to an incorrect URL after the client browser passes the client-side integrity defense JavaScript challenge. This issue occurs when all of the following conditions are met: You have enabled the Client Side Integrity...
CVE-2022-37392 Apache Traffic Server: Improperly reading the client requests
Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
Privilege Escalation in spring-security-oauth2-client
Spring Security, versions 5.7 prior to 5.7.5 , and 5.6 prior to 5.6.9 , and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server whi...
Fedora: Security Advisory for libapreq2 (FEDORA-2022-cf658a432f)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
CVE-2022-28937
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests...
CVE-2022-0982 Buffer Overflow via crafted client request in Accel-PPP v1.12
The telnetinputchar function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdlinelen is copied into a fixed buffer b-buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger...
CVE-2022-24705 Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12
The radpacketrecv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigge...
IBM Sterling Secure Proxy Server-Side Request Forgery Vulnerability
IBM Sterling Secure Proxy is an International Business Machines Corporation IBM application proxy for securing file transfers in an organization's unprotected zone DMZ. IBM Sterling Secure Proxy has a server-side request forgery vulnerability vulnerability that originates from a server that fails...