Lucene search
K

70 matches found

Tenable Nessus
Tenable Nessus
added 2020/06/08 12:0 a.m.16 views

Datapower Settings

This plugin just sets global variables for datapower TRUSTED...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/02/24 12:55 p.m.6 views

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

9.8CVSS7.1AI score0.20041EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2019/09/13 8:40 a.m.2 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/08/19 8:42 a.m.3 views

php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...

7.5CVSS5.7AI score0.03185EPSS
Exploits1References4
NVD
NVD
added 2019/01/28 8:29 a.m.23 views

CVE-2018-20744

The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...

5.9CVSS5.8AI score0.00717EPSS
Exploits0References3
OSV
OSV
added 2018/08/03 1:29 p.m.4 views

UBUNTU-CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...

7.5CVSS7.1AI score0.03185EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2013/07/30 4:55 p.m.7 views

haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...

5CVSS5.9AI score0.03519EPSS
Exploits0References4
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.176 views

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.

httpMakeVaryMark header value 'value' http.cc:603 line Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5 It takes combination of a 5x requests and responses in less than 10 seconds to crash the parent: Request -- cut -- !/usr/bin/env...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/06/08 12:0 a.m.35 views

Mandriva Linux Security Advisory : libsndfile (MDVSA-2009:132-1)

Multiple vulnerabilities has been found and corrected in libsndfile : Heap-based buffer overflow in vocreadheader in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service application crash and possibly...

9.3CVSS6.3AI score0.08226EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2006/07/12 12:5 a.m.2 views

CVE-2006-3524

Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message...

7.5CVSS6.3AI score0.66993EPSS
Exploits14References14
Rows per page
Query Builder