CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
CVE-2021-28662
CVE-2021-28662 affects Squid 4.x before 4.15 and 5.x before 5.0.6. A remote server sending a certain HTTP/HTTPS response header can trigger a denial-of-service in the proxy via input/response handling. This is the same class of DoS as described in multiple advisories (e.g., Arch Linux, Debian, Al...
EUVD-2021-15326
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
Apache Fineract Security Vulnerability
Apache Fineract is an open source digital financial services platform from the Apache Foundation in the U.S. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. A security vulnerability exists in Apach...
Design/Logic Flaw
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM and MCSESP V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker...
CVE-2021-22731
CVE-2021-22731 affects Schneider Electric Modicon Managed Switch MCSESM* and MCSESP* up to version 8.21. Description: Weak Password Recovery Mechanism for Forgotten Password enables an unauthorized password change via HTTP/HTTPS when basic user information is known by a remote attacker. Impact: p...
ABPTTS - TCP Tunneling Over HTTP/HTTPS For Web Application Servers
A Black Path Toward The Sun: TCP tunneling over HTTP for web application servers. https://www.blackhat.com/us-16/arsenal.html#a-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016. ABPTTS uses a Python client script and a web application server page/package to tunnel TCP traffic over an HTTP/HTTP...
Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability in that an administrator must...
GHSA-RWGM-F83R-V3QJ Improper Certificate Validation in WP-CLI framework
Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...
Improper Certificate Validation in WP-CLI framework
Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...
Improper Certificate Validation in WP-CLI framework
Description Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including...
Unspecified Vulnerability in JetBrains WebStorm
JetBrains WebStorm is an application from the Czech company JetBrains. Provides an IDE for programming. A security vulnerability exists in JetBrains WebStorm versions prior to 2021.1. The vulnerability stems from the program's use of HTTP requests instead of HTTPS. No detailed vulnerability detail...
CVE-2021-31898
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...
Design/Logic Flaw
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...
CVE-2021-31898
CVE-2021-31898 affects JetBrains WebStorm prior to 2021.1, where HTTP requests were used instead of HTTPS. The issue is documented across multiple sources (NVD entry and Red Hat/CNVD mirrors, PT-Security notes, and JetBrains’ security bulletin), with CVSS data indicating NETWORK access, low compl...
Internet Bug Bounty: "urllib" will result to deny of service
If a client requests an http/https/ftp service which is controlled by an attacker, the attacker can make this client hang forever, even if the client has set the "timeout" argument. Maybe this client will also consume more and more memory. I have not tested this conclusion. client.py import urllib.request req =...