5909 matches found
Security update for links (moderate)
openSUSE Security Update: Security update for links Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: 1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be...
Security update for varnish (moderate)
openSUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2019:2184-1 Rating: moderate References: 1149382 Cross-References: CVE-2019-15892 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This...
CVE-2019-13532
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller...
CVE-2016-7398
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
CVE-2016-7398
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
Type confusion
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
UBUNTU-CVE-2016-7398
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
CVE-2016-7398
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
CVE-2016-7398
A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...
Cisco NX-OS Software NX-API Denial of Service Vulnerability (CVE-2019-1968)
According to its self-reported version, Cisco NX-OS Software is affected by a denial of service vulnerability in the NX-API of Cisco NX-OS Software due to incorrect validation of HTTP requests. An unauthenticated, remote attacker could exploit this, by sending a crafted HTTP request to the NX-API...
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework linux/armle/meterpreter/bindtcp - segfault linux/armle/meterpreter/reversetcp - segfault linux/armle/meterpreterreversehttp - works linux/armle/meterpreterreversehttps -...
Cisco RV110W / RV130(W) / RV215W Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework linux/armle/meterpreter/bindtcp - segfault linux/armle/meterpreter/reversetcp - segfault linux/armle/meterpreterreversehttp - works linux/armle/meterpreterreversehttps -...
Cisco RV110W / RV130(W) / RV215W Remote Command Execution Exploit
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...
Protect
An Improper Authorization vulnerability in the SSL VPN web portal may allow an unauthenticated attacker to change the password of an SSL VPN web portal user via specially crafted HTTP requests...
CentOS 7 : python-requests (CESA-2019:2035)
An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is...
CVE-2019-12643 Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...
Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...
CVE-2019-14300
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...
CVE-2019-14307
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...