Source: OSV, added 2022/02/09 11:30 p.m.

GHSA-F268-65QC-98VG Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

CVSS 4.3 | AI score 6.9 | EPSS 0.57286 | Exploits: 0 | References: 11
Source: CNNVD, added 2022/02/08 12:00 a.m.

Mozilla Firefox buffer error vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. It has a buffer error vulnerability caused by a boundary error when processing HTML content. An attacker could exploit the vulnerability by creating a specially crafted web page and tricking a victim...

CVSS 8.8 | AI score 9.1 | EPSS 0.00521 | Exploits: 0 | References: 8
Source: CNNVD, added 2022/02/04 12:00 a.m.

Sensio Labs Twig code injection vulnerability

Sensio Labs Twig is a PHP template engine from the French company Sensio Labs; it supports custom tags and filters and the creation of DSLs. Twig has a code injection vulnerability that attackers can exploit to run arbitrary PHP functions...

CVSS 9.8 | AI score 5.8 | EPSS 0.08209 | Exploits: 3 | References: 13
Source: RedHat Linux, added 2022/02/03 10:00 a.m.

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish that allows an attacker to carry out a request smuggling attack on HTTP/1 connections to Varnish cache servers. The smuggled request goes through the usual Varnish Configuration Language (VCL) processing, since the Varnish server treats it as an additional request...

CVSS 9.1 | AI score 7 | EPSS 0.01957 | Exploits: 0 | References: 5
Source: RedHat Linux, added 2022/02/02 1:56 p.m.

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP/2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 | AI score 5.7 | EPSS 0.01287 | Exploits: 0 | References: 4
Source: CNNVD, added 2022/02/01 12:00 a.m.

Google Chrome security vulnerability

Google Chrome is a web browser from Google, Inc. A type confusion vulnerability exists in Google Chrome that remote attackers can exploit to potentially cause heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00745 | Exploits: 0 | References: 12
Source: CNNVD, added 2022/02/01 12:00 a.m.

Google Chrome security feature bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security feature bypass vulnerability exists in versions of Google Chrome prior to 98.0.4758.80 that remote attackers can exploit to bypass navigation restrictions via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00952 | Exploits: 1 | References: 10
Source: CNNVD, added 2022/02/01 12:00 a.m.

Google Chrome resource management error vulnerability

Google Chrome is a web browser from Google, Inc. A resource management error vulnerability exists in versions of Google Chrome prior to 98.0.4758.80. A remote attacker could exploit it to cause heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00761 | Exploits: 0 | References: 11
Source: BDU FSTEC, added 2022/02/01 12:00 a.m.

A vulnerability in the firmware of the TP-Link Archer AX10 router, caused by deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests (an HTTP Request Smuggling attack).

The vulnerability in the firmware of the TP-Link Archer AX10 router is caused by deficiencies in HTTP request processing. Exploiting it allows a remote attacker to send hidden HTTP requests (an HTTP Request Smuggling attack)...

CVSS 7.8 | AI score 7.2 | EPSS 0.02348 | Exploits: 0 | References: 5 | Affected software: 1
Source: OSV, added 2022/01/26 1:15 a.m.

UBUNTU-CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

CVSS 9.1 | AI score 7.1 | EPSS 0.01957 | Exploits: 0 | References: 5
Source: Positive Technologies, added 2022/01/26 12:00 a.m.

PT-2022-16370

Name of the vulnerable software and affected versions:
- Varnish Cache versions 6.0.0 through 6.6.1
- Varnish Cache 6.0 LTS versions 6.0.0 through 6.0.9
- Varnish Cache 7.x versions 7.0.0 through 7.0.1
- Varnish Enterprise Cache Plus 4.1.x versions 4.1.0 through 4.1.11r5
- Varnish Enterprise Cache Plus 6.0....

CVSS 9.1 | AI score 5.8 | EPSS 0.01957 | Exploits: 0 | References: 54
Source: CNNVD, added 2022/01/26 12:00 a.m.

Reolink RLC-410W input validation error vulnerability

Reolink RLC-410W is a Wi-Fi security camera from Reolink (China). A denial of service vulnerability exists in the Reolink RLC-410W that attackers can exploit to cause a reboot via a crafted HTTP request...

CVSS 8.6 | AI score 5.6 | EPSS 0.01145 | Exploits: 1 | References: 3
Source: CNNVD, added 2022/01/25 12:00 a.m.

Apache ShenYu access control error vulnerability

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Software Foundation. Apache ShenYu versions 2.4.0 and 2.4.1 have an access control error vulnerability that stems from a lack of authentication in ShenYu Admin when registering over HTTP. A...

CVSS 7.5 | AI score 5.6 | EPSS 0.03771 | Exploits: 0 | References: 5
Source: BDU FSTEC, added 2022/01/20 12:00 a.m.

A vulnerability in the handling of the Transfer-Encoding and Content-Length headers in the Netty network programming framework, caused by deficiencies in HTTP request interpretation, allows attackers to compromise data integrity.

The vulnerability in the handling of the Transfer-Encoding and Content-Length headers in the Netty network programming framework is caused by improper interpretation of HTTP requests. Exploiting it allows an attacker to compromise the integrity of data...

CVSS 7.5 | AI score 6.9 | EPSS 0.03617 | Exploits: 1 | References: 11 | Affected software: 6
Source: BDU FSTEC, added 2022/01/20 12:00 a.m.

A vulnerability in the Netty network programming framework, caused by improper interpretation of HTTP requests, allows attackers to compromise data integrity.

The vulnerability in the Netty network programming framework is caused by improper interpretation of HTTP requests. Exploiting it allows a remote attacker to compromise data integrity...

CVSS 5.9 | AI score 6.5 | EPSS 0.04935 | Exploits: 0 | References: 8 | Affected software: 5
Source: RedHat Linux, added 2022/01/19 1:25 p.m.

haproxy: an HTTP method name may contain a space followed by the name of a protected resource

haproxy has an input validation flaw that could allow a remote attacker to bypass implemented security restrictions. An HTTP method name may contain a space followed by the name of a protected resource, so a server could interpret this as a request for that protected...

CVSS 5.3 | AI score 5.9 | EPSS 0.0177 | Exploits: 0 | References: 4
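The Netty entries above (conflicting Transfer-Encoding / Content-Length handling), the haproxy entry (a method name containing a space followed by a resource path) and the Varnish request-smuggling entries all come down to the same thing: a front end accepting a request head that two HTTP/1 parsers can read differently. The following is an added example, not code from Netty, HAProxy, Varnish or any project listed here; it shows the strict checks a front end or gateway can apply before forwarding. Function names, the sample requests and the rejection messages are all constructed for illustration.

```python
"""
Strict validation of the request-head fields that HTTP/1 request-smuggling
and method-confusion bugs hinge on.  Added example; not the code of any
project listed on this page.  All names and sample inputs are constructed.
"""
import re

# RFC 7230 "tchar" set.  A method and a header name are tokens, so neither
# may contain a space: a method such as "GET /admin" must be rejected, never
# serialized into "GET /admin / HTTP/1.1" for an upstream server to re-parse.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Content-Length is ASCII digits only: no sign, no whitespace, no "+".
DIGITS_RE = re.compile(r"^[0-9]+$")


def validate_request(method, target, headers):
    """Return a list of reasons to reject the request; an empty list means accept.

    `headers` is a list of (name, value) pairs rather than a dict so that
    repeated fields stay visible; a dict would silently collapse a second
    Content-Length, which is exactly what some smuggling variants rely on.
    """
    problems = []

    if not TOKEN_RE.match(method):
        problems.append("method is not a valid token: %r" % method)
    if not target or any(c.isspace() for c in target):
        problems.append("request-target is empty or contains whitespace: %r" % target)

    # Collect the two framing headers, case-insensitively.
    te = [v for n, v in headers if n.lower() == "transfer-encoding"]
    cl = [v for n, v in headers if n.lower() == "content-length"]

    if te and cl:
        # RFC 7230 section 3.3.3: a message carrying both is an error.  Quietly
        # preferring one of them is where CL.TE / TE.CL desync begins.
        problems.append("both Transfer-Encoding and Content-Length present")

    if len(cl) > 1 and len(set(v.strip() for v in cl)) > 1:
        problems.append("conflicting Content-Length values: %r" % cl)
    for v in cl:
        if not DIGITS_RE.match(v.strip()):
            problems.append("malformed Content-Length: %r" % v)

    for v in te:
        codings = [c.strip().lower() for c in v.split(",")]
        # Accept only the exact, unobfuscated coding.  Variants such as
        # "chunked, identity", "xchunked" or "chunked" followed by junk are
        # understood differently by different parsers.
        if codings != ["chunked"]:
            problems.append("unsupported or obfuscated Transfer-Encoding: %r" % v)

    # A non-token header name or a CR/LF inside a value lets an attacker end
    # one message and begin another inside a single field.
    for n, v in headers:
        if not TOKEN_RE.match(n):
            problems.append("invalid header name: %r" % n)
        if "\r" in v or "\n" in v:
            problems.append("CR/LF inside value of header %r" % n)

    return problems


def serialize_h1(method, target, headers):
    """Build the HTTP/1.1 request head a front end would send upstream.

    Refuses to emit anything when validation fails, so a method like
    "GET /admin" can never be rewritten into a request for /admin.
    """
    problems = validate_request(method, target, headers)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["%s %s HTTP/1.1" % (method, target)]
    lines += ["%s: %s" % (n, v) for n, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    # Constructed sample requests: one clean, the rest shaped like the
    # classes of input the entries on this page describe.
    samples = [
        ("GET", "/", [("Host", "example.test"), ("Content-Length", "5")]),
        ("GET /admin", "/", [("Host", "example.test")]),
        ("POST", "/", [("Content-Length", "6"), ("Transfer-Encoding", "chunked")]),
        ("POST", "/", [("Transfer-Encoding", "chunked, identity")]),
        ("POST", "/", [("Content-Length", "4"), ("Content-Length", "5")]),
        ("POST", "/", [("X-Note", "a\r\nContent-Length: 0")]),
    ]
    for method, target, headers in samples:
        verdict = validate_request(method, target, headers) or ["accepted"]
        print("%-12r %-4s -> %s" % (method, target, "; ".join(verdict)))
```

The list-of-pairs representation and the refusal to serialize are the two design points: a gateway that normalizes a request into its own structures and then re-emits it is the component that decides which interpretation the upstream server sees, so it should reject anything ambiguous rather than pick one reading.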
Source: OSV, added 2022/01/19 12:15 p.m.

CVE-2022-21381

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI). Supported versions that are affected are 8.4 and 9.0. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Enterprise...

CVSS 6.4 | AI score 6.9 | EPSS 0.0057 | Exploits: 0 | References: 1
Source: ATTACKERKB, added 2022/01/19 12:15 p.m.

CVE-2022-21373

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Reseller Locator). Supported versions that are affected are 12.2.3-12.2.11. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Partner...

CVSS 6.1 | AI score 6.4 | EPSS 0.00706 | Exploits: 0 | References: 2 | Affected software: 1