Lucene search
K

117 matches found

OSV
OSV
added 2023/08/07 5:30 p.m.24 views

CVE-2023-4012 Incomplete Internal State Distinction in ntpsec

ntpd will crash if the server is not NTS-enabled no certificate and it receives an NTS-enabled client request mode 3...

7.5CVSS7.5AI score0.00377EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/08/07 5:30 p.m.95 views

CVE-2023-4012

ntpd will crash if the server is not NTS-enabled no certificate and it receives an NTS-enabled client request mode 3...

7.5CVSS7.6AI score0.00377EPSS
Exploits0
Veracode
Veracode
added 2023/08/06 11:9 a.m.19 views

Denial Of Service (DoS)

NPTD is vulnerable to Denial Of Service DoS. The vulnerability is due when the server is not NTS-enabled no certificate, an attacker can submit a NTS-enabled client request, resulting in a server crash...

7.5CVSS6.7AI score0.00377EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.6 views

NTPsec Security Vulnerabilities

NTPsec is a more secure NTP. A security vulnerability exists in NTPsec that stems from the fact that ntpd may crash when NTS is disabled and an NTS-enabled client request mode 3 is received...

7.5CVSS6.8AI score0.00377EPSS
Exploits0References6
NVD
NVD
added 2023/07/11 3:15 a.m.26 views

CVE-2023-36921

SAP Solution Manager Diagnostics agent - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availabilit...

7.2CVSS6.9AI score0.00548EPSS
Exploits0References2
Prion
Prion
added 2023/07/11 3:15 a.m.30 views

Cross site request forgery (csrf)

SAP Solution Manager Diagnostics agent - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availabilit...

6.4CVSS6.8AI score0.00548EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to perform arbitrary actions.

The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...

9CVSS7.6AI score0.00476EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the client request handler of the secure access control system used in IED RUGGEDCOM CROSSBOW allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

4.3CVSS6.5AI score0.00524EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/03/08 8:22 a.m.24 views

Information Exposure

@nestjs/common, is vulnerable to information exposure. The vulnerability exists due to a lack of client request sanitization in the streamable-file.ts file, allowing an attacker to read sensitive information in the system through the DVI element...

5.3CVSS5.1AI score0.00707EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/03/06 6:30 a.m.32 views

@nestjs/core vulnerable to Information Exposure via StreamableFile pipe

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open...

5.3CVSS5.4AI score0.00707EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/03/06 5:0 a.m.11 views

CVE-2023-26108

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open...

3.7CVSS5.5AI score0.00707EPSS
Exploits1References6
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.29 views

K23432927: The BIG-IP ASM system may redirect a client request to an incorrect URL

Security Advisory Description The BIG-IP ASM system may redirect a client request to an incorrect URL after the client browser passes the client-side integrity defense JavaScript challenge. This issue occurs when all of the following conditions are met: You have enabled the Client Side Integrity...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/12/19 10:59 a.m.5 views

CVE-2022-37392 Apache Traffic Server: Improperly reading the client requests

Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

6.7AI score0.01103EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2022/10/31 12:0 a.m.6 views

Privilege Escalation in spring-security-oauth2-client

Spring Security, versions 5.7 prior to 5.7.5 , and 5.6 prior to 5.6.9 , and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server whi...

8.1CVSS7.3AI score0.01011EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/09/15 12:0 a.m.15 views

Fedora: Security Advisory for libapreq2 (FEDORA-2022-cf658a432f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.6AI score0.04712EPSS
Exploits0References2
Fedora
Fedora
added 2022/09/12 5:59 p.m.37 views

[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/15 4:15 p.m.2 views

CVE-2022-28937

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests...

7.5CVSS5.9AI score0.0112EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/16 2:4 p.m.33 views

CVE-2022-0982 Buffer Overflow via crafted client request in Accel-PPP v1.12

The telnetinputchar function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdlinelen is copied into a fixed buffer b-buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger...

9.8AI score0.01187EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/14 9:4 p.m.28 views

CVE-2022-24705 Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12

The radpacketrecv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigge...

9.9AI score0.01182EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/15 12:0 a.m.6 views

IBM Sterling Secure Proxy Server-Side Request Forgery Vulnerability

IBM Sterling Secure Proxy is an International Business Machines Corporation IBM application proxy for securing file transfers in an organization's unprotected zone DMZ. IBM Sterling Secure Proxy has a server-side request forgery vulnerability vulnerability that originates from a server that fails...

6.5CVSS6.3AI score0.00833EPSS
Exploits0References1
Rows per page
Query Builder