
11647 matches found

BDU FSTEC
added 2023/01/23 12:0 a.m. | 3 views

The vulnerability of the HTTP server software implementation in HAProxy arises from insufficient input validation, allowing attackers to compromise data integrity.

The vulnerability of the HTTP server software of HAProxy is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise data integrity from a remote location...

CVSS 5.3 | AI score 5.9 | EPSS 0.0177
Exploits: 0 | References: 9 | Affected Software: 3
Tenable Nessus
added 2023/01/23 12:0 a.m. | 150 views

Oracle HTTP Server (Jan 2023 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the Jan 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Expat. The supported version tha...

CVSS 10 | AI score 7.7 | EPSS 0.52331
Exploits: 13 | References: 12
NVD
added 2023/01/20 8:15 p.m. | 35 views

CVE-2022-3918

A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server,...

CVSS 8.8 | AI score 8.8 | EPSS 0.00779
Exploits: 0 | References: 1
OSV
added 2023/01/20 8:15 p.m. | 20 views

CVE-2022-3918

A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server,...

CVSS 8.8 | AI score 8.8
Exploits: 0 | References: 1
Prion
added 2023/01/20 8:15 p.m. | 17 views

CRLF injection

A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server,...

CVSS 6.5 | AI score 8.6 | EPSS 0.00779
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/01/20 12:0 a.m. | 34 views

CVE-2022-3918

A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server,...

AI score 9 | EPSS 0.00779
Exploits: 0 | References: 1
CVE
added 2023/01/20 12:0 a.m. | 69 views

CVE-2022-3918

CVE-2022-3918 involves Swift’s FoundationNetworking (swift-corelibs-foundation). A CRLF injection flaw in URLRequest headers allows a client to insert CRLF sequences into a header value, which may cause the server to parse extra headers or a second request when sent via URLSession. The vulnerabil...

CVSS 8.8 | AI score 8.6 | EPSS 0.00779
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2023/01/20 12:0 a.m. | 53 views

Oracle Enterprise Manager Ops Center UCE Patches (Oct 2021 CPU)

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTTP...

CVSS 9.8 | AI score 7.3 | EPSS 0.68067
Exploits: 0 | References: 4
Tenable Nessus
added 2023/01/20 12:0 a.m. | 40 views

openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2022:2139-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2139-1 advisory. - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP server...

CVSS 7.5 | AI score 7 | EPSS 0.05994
Exploits: 0 | References: 5
Tenable Nessus
added 2023/01/19 12:0 a.m. | 47 views

Oracle Enterprise Manager Ops Center UCE Patches (Jan 2023 CPU)

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by a vulnerability as referenced in the January 2023 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Update Provisioning Apache HTTP...

CVSS 9.8 | AI score 8.4 | EPSS 0.0314
Exploits: 1 | References: 3
RedhatCVE
added 2023/01/18 7:5 p.m. | 82 views

CVE-2006-20001

A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. Mitigation: Disabling mod_dav and restarting httpd will mitigate this flaw...

CVSS 7.5 | AI score 8 | EPSS 0.03546
Exploits: 0 | References: 4
NCSC
added 2023/01/18 12:0 a.m. | 9 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in Fusion Middleware products, including WebLogic Server and HTTP Server. An unauthenticated malicious person could potentially exploit them to execute arbitrary code. To do so, malicious network traffic would need to be sent to the vulnerable system. sen...

CVSS 10 | AI score 7.9 | EPSS 0.99931
Exploits: 47
NCSC
added 2023/01/18 12:0 a.m. | 2 views

Vulnerabilities fixed in Apache web server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of security measure. Apache has released updates to fix the...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits: 0
Tenable Nessus
added 2023/01/18 12:0 a.m. | 46 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (00919005-96a3-11ed-86e9-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 00919005-96a3-11ed-86e9-d4c9ef517024 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits: 0 | References: 5
OpenVAS
added 2023/01/18 12:0 a.m. | 33 views

Apache HTTP Server < 2.4.55 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:http_server"; if...

CVSS 9 | AI score 7.7 | EPSS 0.57941
Exploits: 0 | References: 1
Tenable Nessus
added 2023/01/18 12:0 a.m. | 1170 views

Apache 2.4.x < 2.4.55 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.55 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory locatio...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits: 0 | References: 3
Tenable Nessus
added 2023/01/18 12:0 a.m. | 63 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-018-02)

The version of httpd installed on the remote host is prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-018-02 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

CVSS 9 | AI score 7 | EPSS 0.57941
Exploits: 0 | References: 3
OpenVAS
added 2023/01/18 12:0 a.m. | 27 views

Apache HTTP Server < 2.4.55 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:http_server"; if...

CVSS 9 | AI score 7.7 | EPSS 0.57941
Exploits: 0 | References: 1
NVD
added 2023/01/17 8:15 p.m. | 35 views

CVE-2022-36760

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVSS 9 | AI score 9.2 | EPSS 0.01879
Exploits: 0 | References: 2
NVD
added 2023/01/17 8:15 p.m. | 36 views

CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

CVSS 7.5 | AI score 8.4 | EPSS 0.03546
Exploits: 0 | References: 3