Lucene search
K

134 matches found

Veracode
Veracode
added 2024/02/27 10:15 a.m.32 views

Denial Of Service

jetty-http is vulnerable to Denial Of Service DoS. The vulnerability is due to GOAWAY frames failing to be written to the queue when there is TCP congestion within the server. An attacker can exploit idle timeout periods to leave HTTP/2 or 3 connections in the ESTABLISHED state, even when they...

7.5CVSS6.7AI score0.01433EPSS
Exploits0References8Affected Software5
hivepro
hivepro
added 2023/12/29 11:7 a.m.18 views

Terrapin Attack Downgrading the Fortresses of SSH

Summary: The Terrapin attack, a cryptographic exploit targeting the widely adopted SSH protocol, poses a threat to the security of over 15 million servers dispersed across the Internet. This vulnerability enables attackers to compromise the security of established connections by truncating the...

7.2AI score
Exploits0
Redos
Redos
added 2023/11/07 12:0 a.m.57 views

ROS-20231107-01

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

7.5CVSS7.3AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/10/04 8:15 p.m.4 views

CVE-2023-38538

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...

5CVSS5.8AI score0.00202EPSS
Exploits0References1
Citrix
Citrix
added 2023/03/26 12:0 a.m.9 views

[NetScaler] Graceful disable service may trigger TCP RESET immediately

According to eDoc:Graceful shutdown of services. If we disable an HTTP service with the following command: disable service HTTPSvcName 0 -graceFul YES We expect to see all ESTABLISHED connections alive. But in real cases, we may see partial connections got TCP RST from NetScaler ADC immediately...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.4 views

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.9CVSS6.6AI score0.00787EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.2 views

SUSE CVE-2007-1497

nfconntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IPCTESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments...

5CVSS6.8AI score0.03017EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.4 views

SUSE CVE-2017-0380

The rendserviceintroestablished function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to t...

5.9CVSS9.3AI score0.01541EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2022/12/12 10:2 a.m.11 views

proteincim.com Cross Site Scripting vulnerability OBB-3096291

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/12/05 9:9 p.m.7 views

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.9CVSS6.6AI score0.00787EPSS
Exploits0References4
CNVD
CNVD
added 2022/09/09 12:0 a.m.20 views

Google Android Information Disclosure Vulnerability (CNVD-2022-81244)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates in ContentService, which allows checking the presence of an established account on the device due to a missing license check. An attacker...

5.5CVSS5.3AI score0.00089EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.33 views

Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is...

7.5CVSS6.8AI score0.048EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/13 1:9 a.m.18 views

GHSA-F2WR-C4C4-XJG7 Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is...

7.5CVSS7.4AI score0.048EPSS
Exploits0References8
Metasploit
Metasploit
added 2021/12/17 5:53 p.m.99 views

Interact with Established SSH Connection

Interacts with a shell on an established SSH connection Module Options msf use payload/generic/ssh/interact msf payloadinteract show actions ...actions... msf payloadinteract set ACTION msf payloadinteract show options ...show and set options... msf payloadinteract run This module requires...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2021/11/24 12:0 a.m.31 views

CVE-2021-28706

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may...

8.6CVSS7.1AI score0.0206EPSS
Exploits0References2
CNVD
CNVD
added 2021/06/26 12:0 a.m.11 views

Weak password vulnerability in WTScada configuration software

Changzhou Wenting Software Co., Ltd. was established on August 20, 2014, and the company's business scope includes: software development; software sales; computer system integration, etc. WTScada configuration software has a weak password vulnerability, attackers use the weak password to log in t...

7.1AI score
Exploits0
Citrix
Citrix
added 2021/03/23 12:0 a.m.7 views

Published Application Launch Hangs at "Connection established. Negotiating capabilities"

Published application hangs at "Connection established. Negotiating capabilities" for about 30 sec before successful launch...

7.2AI score
Exploits0
Metasploit
Metasploit
added 2020/09/02 5:41 p.m.16 views

Windows Inject PE Files, Find Tag Ordinal Stager

Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/06/17 12:0 a.m.1 views

Jinan Speed Information Technology Co., Ltd. building system there are logical flaws vulnerabilities

Jinan Speed Information Technology Co., Ltd. was established in March 2010, the main business includes computer software development; computer graphic design; website construction and so on. Ltd. There is a logic flaw vulnerability in the website building system, which can be exploited by an...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/04/09 12:0 a.m.5 views

Juniper Networks Junos OS Input Validation Error Vulnerability (CNVD-2020-22958)

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in the Juniper Networks Junos OS implementation of BGP FlowSpec. An attacker could exploit...

8.6CVSS6.8AI score0.01288EPSS
Exploits0
Rows per page
Query Builder