
5909 matches found

CNVD
added 2019/10/09 12:0 a.m. | 3 views

Siemens SIMATIC WinAC RTX (F) 2010 Denial of Service Vulnerability

Siemens SIMATIC WinAC RTX (F) 2010 is a PC-based fail-safe SIMATIC software controller from Siemens, Germany. A denial of service vulnerability exists in Siemens SIMATIC WinAC RTX (F) 2010. An unauthenticated attacker sending a large number of HTTP requests to a host running WinAC RTX can exploit this...

7.5 CVSS | 6.8 AI score | 0.01367 EPSS
Exploits 0 | References 1

OSV
added 2019/10/08 6:15 p.m. | 18 views

CVE-2019-17134

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1 CVSS | 7 AI score
Exploits 0 | References 12

NVD
added 2019/10/08 6:15 p.m. | 27 views

CVE-2019-17134

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1 CVSS | 9.4 AI score | 0.02296 EPSS
Exploits 0 | References 12

Prion
added 2019/10/08 6:15 p.m. | 13 views

Design/Logic Flaw

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

6.4 CVSS | 9.2 AI score | 0.02296 EPSS
Exploits 0 | References 12 | Affected Software 2

CVE
added 2019/10/08 5:14 p.m. | 88 views

CVE-2019-17134

CVE-2019-17134 affects OpenStack Octavia amphora-agent: vulnerable in Octavia releases 0.10.0–2.1.2, 3.0.0–3.2.0, and 4.0.0–4.1.0, where the gunicorn cert_reqs option is misconfigured (True instead of ssl.CERT_REQUIRED), allowing anyone with access to the management network to bypass client-certi...

9.1 CVSS | 9.2 AI score | 0.02296 EPSS
Exploits 0 | References 12 | Affected Software 1

Debian CVE
added 2019/10/08 5:14 p.m. | 23 views

CVE-2019-17134

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1 CVSS | 8.1 AI score | 0.02296 EPSS
Exploits 0

Tenable Nessus
added 2019/10/04 12:0 a.m. | 23 views

Debian DLA-1944-1 : libapreq2 security update

It was discovered that there was a remotely-exploitable NULL pointer dereference in libapreq2, a library for manipulating HTTP requests. For Debian 8 'Jessie', this issue has been fixed in libapreq2 version 2.13-4+deb8u1. We recommend that you upgrade your libapreq2 packages. NOTE: Tenable Networ...

7.5 CVSS | 6.6 AI score | 0.03941 EPSS
Exploits 0 | References 3

OSV
added 2019/10/02 7:15 p.m. | 2 views

CVE-2019-12701

A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software...

5.8 CVSS | 6.2 AI score | 0.01493 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2019/10/02 12:0 a.m. | 30 views

Cisco IOS XE Software Command Injection Vulnerability (cisco-sa-20190327-iosxe-cmdinj)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software. The vulnerability allows an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user...

9 CVSS | 7.2 AI score | 0.03451 EPSS
Exploits 0 | References 4

NVD
added 2019/09/30 4:15 p.m. | 16 views

CVE-2019-4280

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503...

5.3 CVSS | 5 AI score | 0.00827 EPSS
Exploits 0 | References 2

OSV
added 2019/09/30 4:15 p.m. | 2 views

CVE-2019-4280

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503...

5.3 CVSS | 5.8 AI score | 0.00827 EPSS
Exploits 0 | References 2

Prion
added 2019/09/30 4:15 p.m. | 21 views

Information disclosure

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503...

5 CVSS | 4.9 AI score | 0.00827 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2019/09/30 3:20 p.m. | 59 views

CVE-2019-4280

IBM Sterling File Gateway (versions 2.2.0.0–6.0.1.0) has an information-disclosure vulnerability (CVE-2019-4280) where sensitive data is exposed in HTTP requests due to how the product handles requests in IBM Sterling B2B Integrator Standard Edition. Potential impact is information exposure that ...

5.3 CVSS | 4.9 AI score | 0.00827 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/09/30 3:20 p.m. | 20 views

CVE-2019-4280

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503...

5.3 CVSS | 5 AI score | 0.00827 EPSS
Exploits 0 | References 2

exploitpack
added 2019/09/27 12:0 a.m. | 40 views

V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery

V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on...

0.2 AI score
Exploits 0

0day.today
added 2019/09/27 12:0 a.m. | 206 views

V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID:...

7.1 AI score
Exploits 0

Exploit DB
added 2019/09/27 12:0 a.m. | 433 views

V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery

Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID: ZSL-2019-5536 Advisory URL:...

7.4 AI score
Exploits 0

Qualys Blog
added 2019/09/26 5:23 p.m. | 65 views

Qualys Cloud Platform 2.41 New Features

This release of the Qualys Cloud Platform version 2.41 includes updates and new features for new Gov clouds in AssetView / CloudView and Web Application Scanning, highlights as follows. AssetView Microsoft Azure Gov Cloud Connector – Added connector support for Microsoft Azure Gov Clouds, includi...

7.1 AI score
Exploits 0

Packet Storm
added 2019/09/26 12:0 a.m. | 165 views

V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery

V-SOL GPON/EPON OLT Platform v2.03 Cross-Site Request Forgery Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is current...

0.3 AI score
Exploits 0

Symantec
added 2019/09/26 12:0 a.m. | 60 views

Golang Go CVE-2019-16276 HTTP Request Smuggling Vulnerability

Description: Golang Go is prone to an HTTP-request-smuggling vulnerability. A remote attacker may leverage this issue to poison web caches, bypass security defenses, launch cross-site scripting and HTML-injection attacks, and execute session-hijacking attacks. Other attacks are also possible...

5 CVSS | 0.05157 EPSS
Exploits 0 | References 2 | Affected Software 2