Lucene search

16603 matches found

Veracode
added 2023/05/21 8:3 a.m., 28 views

Denial Of Service (DoS)

react/http is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to large HTTP request bodies when using the RequestBodyBufferMiddleware with very large settings, resulting in denial of service...

5.3 CVSS, 6.8 AI score, 0.0068 EPSS
Exploits 0, References 2, Affected Software 1

GithubExploit
added 2023/05/21 6:43 a.m., 376 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 CVE-2022-46169 is a security vulnerability fou...

9.8 CVSS, 10 AI score, 0.99826 EPSS
Exploits 48

Tenable Nessus
added 2023/05/20 12:0 a.m., 43 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2023:2758)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962...

7.5 CVSS, 7.2 AI score, 0.05623 EPSS
Exploits 5, References 15

Tenable Nessus
added 2023/05/20 12:0 a.m., 67 views

CentOS 8 : container-tools:rhel8 (CESA-2023:2758)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2758 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling i...

7.5 CVSS, 7.4 AI score, 0.05623 EPSS
Exploits 5, References 15

NVD
added 2023/05/19 12:15 p.m., 24 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.5 CVSS, 7.7 AI score, 0.02396 EPSS
Exploits 2, References 2

Prion
added 2023/05/19 12:15 p.m., 20 views

Heap overflow

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

5 CVSS, 7.6 AI score, 0.02396 EPSS
Exploits 2, References 2, Affected Software 2

Cvelist
added 2023/05/19 12:0 a.m., 44 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.8 AI score, 0.02396 EPSS
Exploits 2, References 2

CVE
added 2023/05/19 12:0 a.m., 55 views

CVE-2022-30114

CVE-2022-30114 is a heap-based buffer overflow affecting Fastweb FASTGate MediaAccess FGA2130FWB (firmware 18.3.n.0482_FW_230_FW) and DGA4131FWB (up to 18.3.n.0462_FW_261_DGA4131). The vulnerability resides in the cmproxy component that handles HTTP requests on TCP port 8888, caused by lack of va...

7.5 CVSS, 7.6 AI score, 0.02396 EPSS
Exploits 2, References 2, Affected Software 1

Vulnrichment
added 2023/05/19 12:0 a.m., 9 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.5 AI score, 0.02396 EPSS
Exploits 2, References 2

Tenable Nessus
added 2023/05/19 12:0 a.m., 23 views

Cisco Identity Services Engine Path Traversal Vulnerability (cisco-sa-ise-traversal-ZTUgMYhu) (CSCwe17953)

According to its self-reported version, Cisco Identity Services Engine Path Traversal Vulnerabilities is affected by a path traversal vulnerability. A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the...

6 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 3

Tenable Nessus
added 2023/05/19 12:0 a.m., 37 views

AlmaLinux 8 : container-tools:4.0 (ALSA-2023:2802)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2802 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962...

7.5 CVSS, 7.1 AI score, 0.05623 EPSS
Exploits 5, References 15

OSV
added 2023/05/18 5:29 p.m., 43 views

GHSA-MGC4-WQV7-4PXM SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Impact: Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...

9.8 CVSS, 9.5 AI score
Exploits 0, References 8

Github Security Blog
added 2023/05/18 5:29 p.m., 50 views

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Impact: Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...

9.8 CVSS, 6.8 AI score, 0.57132 EPSS
Exploits 0, References 8, Affected Software 1

GitLab Advisory Database
added 2023/05/18 12:0 a.m., 10 views

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues. Thi...

7 AI score
Exploits 0, References 9, Affected Software 1

Cvelist
added 2023/05/17 5:24 p.m., 41 views

CVE-2023-26044 ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

5.3 CVSS, 5.8 AI score, 0.0068 EPSS
Exploits 0, References 2

Veracode
added 2023/05/17 8:15 a.m., 29 views

Improper Access Control

moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in parsefileinformationfromurl function of lang.php and loader.php due to improper folder restrictions which allows an attacker to send a specially crafted HTTP request and create arbitrary folders on the system...

6.5 CVSS, 6.8 AI score, 0.06583 EPSS
Exploits 3, References 12, Affected Software 1

Positive Technologies
added 2023/05/17 12:0 a.m., 3 views

PT-2023-2828 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: The issue is related to multiple vulnerabilities in the Cisco Identity Services Engine (ISE) that could allow an authenticated attacker to delete or read arbitrary...

6.8 CVSS, 6.5 AI score, 0.00382 EPSS
Exploits 0, References 6

CNVD
added 2023/05/17 12:0 a.m., 23 views

IBM Security Verify Access Input Validation Error Vulnerability (CNVD-2023-41894)

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. IBM Security Verify Access suffers from an input validation error vulnerability that stems from improper input validation of the application, which can be exploited by an...

7.5 CVSS, 6.5 AI score, 0.01485 EPSS
Exploits 2, References 1

Prion
added 2023/05/16 5:15 p.m., 22 views

Design/Logic Flaw

Missing permission checks in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

6.5 CVSS, 8.4 AI score, 0.00832 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2023/05/16 5:15 p.m., 18 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...

6.8 CVSS, 8.5 AI score, 0.00681 EPSS
Exploits 0, References 1, Affected Software 1