Lucene search
K

117 matches found

RedHat Linux
RedHat Linux
added 2021/03/16 1:38 p.m.8 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
OSV
OSV
added 2020/12/09 12:15 a.m.3 views

CVE-2020-27614

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation...

7.8CVSS7.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/05/22 3:15 p.m.26 views

CVE-2020-11077

In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

7.5CVSS6.6AI score0.02806EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/05/22 2:55 p.m.39 views

CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma

In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

6.8CVSS7.4AI score0.02806EPSS
Exploits0References6
Fedora
Fedora
added 2019/10/26 5:31 p.m.25 views

[SECURITY] Fedora 31 Update: libapreq2-2.13-38.fc31

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.03941EPSS
Exploits0
Prion
Prion
added 2019/10/16 6:15 p.m.19 views

Hardcoded credentials

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

6.1CVSS6.3AI score0.00712EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2019/10/16 5:22 p.m.23 views

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

6.5CVSS6.3AI score0.00712EPSS
Exploits0
Fedora
Fedora
added 2019/10/12 1:30 a.m.17 views

[SECURITY] Fedora 29 Update: libapreq2-2.13-38.fc29

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.03941EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2018/07/04 12:0 a.m.2 views

Oracle Web Cache Unspecified Client Request Handling DoS - Ver2

A vulnerability exists in Oracle Web Cache. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

4.8AI score
Exploits0
CNVD
CNVD
added 2018/06/13 12:0 a.m.1 views

Adobe Reader PDF Client Request Injection Vulnerability

Adobe Reader is a popular application for working with PDF files. A request injection vulnerability exists in the Adobe Reader PDF client. An attacker can exploit the vulnerability to obtain unauthorized information...

7.2AI score
Exploits0References1
Veracode
Veracode
added 2017/11/13 5:28 a.m.9 views

Directory Traversal

Sanic is vulnerable to directory traversal attacks. Attackers can read arbitrary files by using a client to request a URL with a substring such as /static/..%2f...

7.5CVSS7.4AI score0.02426EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2017/09/14 12:0 a.m.37 views

Motorola Netopia Netoctopus SDCS Stack Buffer Overflow

require 'msf/core' class MetasploitModule 'Motorola Netopia Netoctopus SDCS Stack Buffer Overflow', 'Description' = %q This module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifi...

1.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/07/14 5:50 a.m.9 views

nginx: NULL pointer dereference while writing client request body

A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash...

7.5CVSS5.9AI score0.16376EPSS
Exploits0References5
Amazon
Amazon
added 2016/06/15 12:0 a.m.45 views

Medium: nginx

Issue Overview: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. Affected Packages: nginx...

7.5CVSS8AI score0.16376EPSS
Exploits0
Nginx
Nginx
added 2016/06/07 2:0 p.m.363 views

NULL pointer dereference while writing client request body

NULL pointer dereference while writing client request body Severity: medium CVE-2016-4450 Not vulnerable: 1.11.1+, 1.10.1+ Vulnerable: 1.3.9-1.11.0...

7.5CVSS2AI score0.16376EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2016/06/02 9:40 p.m.19 views

MGASA-2016-0216 Updated nginx packages fix CVE-2016-4450

Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...

7.5CVSS7.6AI score0.16376EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/06/01 12:0 a.m.51 views

nginx-mainline: denial of service

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...

5CVSS1.5AI score0.16376EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/06/01 12:0 a.m.56 views

nginx: denial of service

A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body...

5CVSS1.7AI score0.16376EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/01/30 12:0 a.m.11 views

SIP Client Request Detection (UDP)

Binary data 9061.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.42 views

FreeBSD : xserver -- multiple issue with X client request handling (27b9b2f0-8081-11e4-b4ca-bcaec565249c)

Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities...

6.5CVSS6.5AI score0.05192EPSS
Exploits0References14
Rows per page
Query Builder