CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

223 matches found

Jake Archibald's Blog•added 2020/08/07 1:0 a.m.•31 views

A padlock problem

There's a difference between what the browser 🔒 means to users, vs what it means to browsers. To users, it means "the page is secure", but to the browser: The certificate dialog in Chrome …it means the "connection" is secure. This is because the security check happens as part of setting up the...

0.3AI score

Exploits0

OSV•added 2020/07/15 7:15 p.m.•11 views

CVE-2019-19326

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...

5.9CVSS6.9AI score0.00209EPSS

Exploits0References1

NVD•added 2020/07/15 7:15 p.m.•16 views

CVE-2019-19326

5.9CVSS0.00209EPSS

Exploits0References1

Prion•added 2020/07/15 7:15 p.m.•12 views

Design/Logic Flaw

4.3CVSS5.8AI score0.00209EPSS

Exploits0References1Affected Software1

OpenVAS•added 2020/07/03 12:0 a.m.•29 views

Squid Security Update Advisory (SQUID-2020:7)

Squid is prone to a cache poisoning vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9CVSS7.5AI score0.15653EPSS

Exploits0References1

NVD•added 2020/06/30 6:15 p.m.•19 views

CVE-2020-15049

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...

9.9CVSS0.15653EPSS

Exploits0References10

OSV•added 2020/06/30 6:15 p.m.•25 views

CVE-2020-15049

8.8CVSS6.6AI score

Exploits0References10

UbuntuCve•added 2020/06/30 6:15 p.m.•25 views

CVE-2020-15049

9.9CVSS6.7AI score0.15653EPSS

Exploits0References4

Prion•added 2020/06/30 6:15 p.m.•22 views

Design/Logic Flaw

6.5CVSS8.4AI score0.15653EPSS

Exploits0References10Affected Software2

Cvelist•added 2020/06/30 5:55 p.m.•49 views

CVE-2020-15049

9.9CVSS9.1AI score0.15653EPSS

Exploits0References10

Debian CVE•added 2020/06/30 5:55 p.m.•28 views

CVE-2020-15049

9.9CVSS7.3AI score0.15653EPSS

Exploits0

Veracode•added 2020/06/12 5:42 a.m.•33 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to denial of service. The DNS and HTTP cache feature allows an attacker to cause a denial of service condition in the application...

7.5CVSS1.6AI score0.00867EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2020/04/06 11:5 p.m.•31 views

CVE-2019-11244

A flaw was found in kubectl that leaves http-cache files with read/write permissions for any user. In conjunction with a non-default value for --cache-dir, this may lead to the cache content being placed in a location accessible to other users on the system. Mitigation Do not use --cache-dir, or...

5CVSS2.1AI score0.00097EPSS

Exploits0References4

OSV•added 2020/02/12 4:15 p.m.•4 views

CVE-2013-4090