Lucene search
+L

80 matches found

osv
osv
added 2023/12/26 4:2 a.m.2 views

SUSE-SU-2023:4974-1 Security update for distribution

This update for distribution fixes the following issues: distribution was updated to 2.8.3 bsc1216491: Pass BUILDTAGS argument to go build Enable Go build tags reference: replace deprecated function SplitHostname Dont parse errors as JSON unless Content-Type is set to JSON update to go 1.20.8 Set...

7.1AI score
Exploits0References2
bdu_fstec
bdu_fstec
added 2023/08/11 12:0 a.m.10 views

The vulnerability of the VMware Horizon Server virtualization server, related to improper checking of HTTP requests, allows an attacker to compromise the integrity of protected information.

The vulnerability of the VMware Horizon Server virtualization server lies in improper handling of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...

5.3CVSS5.9AI score0.00395EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2023/06/02 12:0 a.m.7 views

CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

6.8AI score0.02061EPSS
Exploits2References6
rosalinux
rosalinux
added 2023/04/25 11:30 a.m.82 views

Advisory ROSA-SA-2023-2158

Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

9.8CVSS8.3AI score0.99999EPSS
Exploits14
checkpoint_advisories
checkpoint_advisories
added 2021/12/02 12:0 a.m.15 views

Yealink Device Management Command Injection (CVE-2021-27561)

A command injection vulnerability exists in Yealink Device Management. The vulnerability is due to improper handling of a crafted HTTP request...

10CVSS1.7AI score0.82516EPSS
Exploits0
ptsecurity
ptsecurity
added 2020/05/22 12:0 a.m.6 views

PT-2020-3713

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 3.12.5 Puma versions prior to 4.3.4 Description: The issue is related to the handling of HTTP requests in Puma, a RubyGem for Ruby/Rack applications. An attacker could smuggle an HTTP response by using an invalid...

9.8CVSS7.2AI score0.99856EPSS
Exploits60References182
nessus
nessus
added 2019/05/21 12:0 a.m.20 views

Siemens SCALANCE X-300 Family Switches HTTP Request Handling Remote DOS

Binary data 148.prm...

7.8CVSS7.3AI score0.02201EPSS
Exploits0References2
veracode
veracode
added 2018/10/29 1:59 a.m.24 views

Access Restriction Bypass

gateway.transport.http is vulnerable to access restriction bypass. Access restriction controls can be bypassed due to improper HTTP request handling via a specially crafted HTTP request, allowing a remote attacker to obtain confidential information...

7.5CVSS7.3AI score0.01966EPSS
Exploits0References2Affected Software2
osv
osv
added 2018/04/12 3:29 p.m.4 views

CVE-2017-6910

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise...

7.5CVSS5.8AI score0.01966EPSS
Exploits0References1
prion
prion
added 2018/04/12 3:29 p.m.14 views

Design/Logic Flaw

The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling...

5CVSS6.8AI score0.01545EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2018/04/12 3:0 p.m.16 views

CVE-2014-6309

The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling...

7.2AI score0.01545EPSS
Exploits0References1
cve
cve
added 2018/04/12 3:0 p.m.47 views

CVE-2014-6309

CVE-2014-6309 affects Kaazing Gateway server components. In Kaazing Gateway 4.0.2, 4.0.3, 4.0.4 and Gateway – JMS Edition 4.0.2, 4.0.3, 4.0.4, the HTTP and WebSocket engine can allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. The vulnerability i...

7.5CVSS7.1AI score0.01545EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2018/04/12 3:0 p.m.16 views

CVE-2017-6910

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise...

7.4AI score0.01966EPSS
Exploits0References1
redhatcve
redhatcve
added 2018/03/23 5:19 a.m.30 views

CVE-2018-7262

A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests...

7.5CVSS0.8AI score0.0297EPSS
Exploits0References1
nessus
nessus
added 2018/03/06 12:0 a.m.27 views

Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE

The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...

8.8CVSS8.2AI score0.02269EPSS
Exploits0References4
nvd
nvd
added 2016/09/26 4:59 p.m.13 views

CVE-2016-3639

SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128...

5CVSS4.6AI score0.01549EPSS
Exploits0References4
nessus
nessus
added 2016/08/25 12:0 a.m.43 views

Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE

The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially craft...

9.8CVSS8.7AI score0.0224EPSS
Exploits0References4
nessus
nessus
added 2016/06/01 12:0 a.m.38 views

Oracle Linux 7 : squid (ELSA-2016-1139)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1139 advisory. - Related: 1330576 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling - Related: 1334491 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556...

8.8CVSS6.7AI score0.79969EPSS
Exploits1References9
oraclelinux
oraclelinux
added 2016/05/31 12:0 a.m.40 views

squid34 security update

7:3.4.14-9.3 - Resolves: 1334499 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid34: various flaws - Resolves: 1334506 - CVE-2016-4553 squid34: squid: Cache poisoning issue in HTTP Request handling 7:3.4.14-9.2 - Related: 1330574 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid34:...

6.8CVSS0.4AI score0.79969EPSS
Exploits1
nessus
nessus
added 2016/01/22 12:0 a.m.33 views

Juniper Junos HTTP Request Handling J-Web DoS (JSA10720)

According to its self-reported version number, the remote Juniper Junos device is affected by denial of service vulnerability due to a flaw in the Embedthis Appweb Server when processing malformed HTTP requests. An unauthenticated, remote attacker can exploit this to crash the J-Web service...

5.3CVSS5.8AI score0.01739EPSS
Exploits0References2
Rows per page
Query Builder