
7691 matches found

Debian CVE
added 2021/05/27 12:0 a.m. | 41 views

CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...

6.5 CVSS | 7.1 AI score | 0.71867 EPSS
Exploits: 0
Cvelist
added 2021/05/27 12:0 a.m. | 48 views

CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...

7.1 AI score | 0.71867 EPSS
Exploits: 0 | References: 8
CVE
added 2021/05/27 12:0 a.m. | 316 views

CVE-2021-28662

CVE-2021-28662 affects Squid 4.x before 4.15 and 5.x before 5.0.6. A remote server sending a certain HTTP/HTTPS response header can trigger a denial-of-service in the proxy via input/response handling. This is the same class of DoS as described in multiple advisories (e.g., Arch Linux, Debian, Al...

6.5 CVSS | 6.7 AI score | 0.71867 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2021/05/27 12:0 a.m. | 2 views

EUVD-2021-15326

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...

6.5 CVSS | 6.9 AI score | 0.71867 EPSS
Exploits: 0 | References: 14
CNNVD
added 2021/05/27 12:0 a.m. | 5 views

Apache Fineract security vulnerability

Apache Fineract is an open source digital financial services platform from the Apache Foundation (U.S.). The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. A security vulnerability exists in Apach...

7.4 CVSS | 5.6 AI score | 0.03401 EPSS
Exploits: 0 | References: 4
AlpineLinux
added 2021/05/27 12:0 a.m. | 43 views

CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...

6.5 CVSS | 7 AI score | 0.71867 EPSS
Exploits: 0
Prion
added 2021/05/26 8:15 p.m. | 14 views

Design/Logic Flaw

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM and MCSESP V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker...

7.5 CVSS | 9.3 AI score | 0.014 EPSS
Exploits: 0 | References: 1 | Affected Software: 16
CVE
added 2021/05/26 7:19 p.m. | 46 views

CVE-2021-22731

CVE-2021-22731 affects Schneider Electric Modicon Managed Switch MCSESM* and MCSESP* up to version 8.21. Description: Weak Password Recovery Mechanism for Forgotten Password enables an unauthorized password change via HTTP/HTTPS when basic user information is known by a remote attacker. Impact: p...

9.8 CVSS | 9.2 AI score | 0.014 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Kitploit
added 2021/05/20 9:30 p.m. | 81 views

ABPTTS - TCP Tunneling Over HTTP/HTTPS For Web Application Servers

A Black Path Toward The Sun: TCP tunneling over HTTP for web application servers. https://www.blackhat.com/us-16/arsenal.html#a-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016. ABPTTS uses a Python client script and a web application server page/package[1] to tunnel TCP traffic over an HTTP/HTTP...

7.2 AI score
Exploits: 0 | References: 3
Zero Day Initiative
added 2021/05/20 12:0 a.m. | 64 views

Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability in that an administrator must...

7.5 CVSS | 4.1 AI score | 0.01292 EPSS
Exploits: 0 | References: 1
OSV
added 2021/05/19 11:3 p.m. | 20 views

GHSA-RWGM-F83R-V3QJ Improper Certificate Validation in WP-CLI framework

Impact: An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...

9.1 CVSS | 8.5 AI score | 0.01312 EPSS
Exploits: 0 | References: 9
Github Security Blog
added 2021/05/19 11:3 p.m. | 67 views

Improper Certificate Validation in WP-CLI framework

Impact: An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...

9.1 CVSS | 0.6 AI score | 0.01312 EPSS
Exploits: 0 | References: 10 | Affected Software: 1
Friends Of PHP
added 2021/05/14 2:37 p.m. | 20 views

Improper Certificate Validation in WP-CLI framework

Description. Impact: An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including...

7.5 CVSS | 7.2 AI score | 0.01312 EPSS
Exploits: 0 | Affected Software: 1
Friends Of PHP
added 2021/05/14 2:37 p.m. | 29 views

Improper Certificate Validation in WP-CLI framework

Impact: An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...

9.1 CVSS | 8.5 AI score | 0.01312 EPSS
Exploits: 0 | Affected Software: 1
CNVD
added 2021/05/14 12:0 a.m. | 7 views

Unspecified Vulnerability in JetBrains WebStorm

JetBrains WebStorm is an application from the Czech company JetBrains that provides an IDE for programming. A security vulnerability exists in JetBrains WebStorm versions prior to 2021.1. The vulnerability stems from the program's use of HTTP requests instead of HTTPS. No detailed vulnerability detail...

7.5 CVSS | 6.8 AI score | 0.00628 EPSS
Exploits: 0 | References: 1
NVD
added 2021/05/11 1:15 p.m. | 19 views

CVE-2021-31898

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

7.5 CVSS | 0.00628 EPSS
Exploits: 0 | References: 2
Prion
added 2021/05/11 1:15 p.m. | 17 views

Design/Logic Flaw

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

5 CVSS | 7.6 AI score | 0.00628 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/05/11 12:18 p.m. | 46 views

CVE-2021-31898

CVE-2021-31898 affects JetBrains WebStorm prior to 2021.1, where HTTP requests were used instead of HTTPS. The issue is documented across multiple sources (NVD entry and Red Hat/CNVD mirrors, PT-Security notes, and JetBrains’ security bulletin), with CVSS data indicating NETWORK access, low compl...

7.5 CVSS | 7.5 AI score | 0.00628 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/05/11 12:18 p.m. | 20 views

CVE-2021-31898

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

8.3 AI score | 0.00628 EPSS
Exploits: 0 | References: 2
Hacker One
added 2021/05/07 5:14 p.m. | 62 views

Internet Bug Bounty: "urllib" will result to deny of service

If a client requests an http/https/ftp service which is controlled by an attacker, the attacker can make this client hang forever, even if the client has set the "timeout" argument. Maybe this client will also consume more and more memory. I did not test this conclusion. client.py: import urllib.request req =...

7.1 CVSS | 7.8 AI score | 0.11586 EPSS
Exploits: 1