Lucene search
K

133 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.3 views

SUSE CVE-2013-4999

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and ErrorHandler.class.php...

5CVSS6.7AI score0.01799EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.3 views

SUSE CVE-2013-5000

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files...

5CVSS6.7AI score0.01266EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

7.5CVSS7.2AI score0.0198EPSS
Exploits1References4
Snyk
Snyk
added 2023/01/10 10:43 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7AI score0.0274EPSS
Exploits0References2
Snyk
Snyk
added 2023/01/10 10:43 p.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7AI score0.0274EPSS
Exploits0References2
Snyk
Snyk
added 2023/01/10 10:43 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7AI score0.0274EPSS
Exploits0References2
OSV
OSV
added 2022/09/12 3:15 p.m.1 views

UBUNTU-CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

7.5CVSS7AI score0.0198EPSS
Exploits1References4
OSV
OSV
added 2022/05/13 1:14 a.m.1 views

GHSA-JC7P-5R39-9477 Improper Input Validation in Apache Tomcat

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1CVSS7.1AI score0.39633EPSS
Exploits6References60
OSV
OSV
added 2022/05/13 1:12 a.m.14 views

GHSA-XR24-JP5C-6C4V Moodle reveals absolute path in exception message

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...

5CVSS8.9AI score0.01393EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/07 12:57 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/31 3:40 p.m.4 views

undertow: invalid HTTP request with large chunk size

A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling...

6.5CVSS5.7AI score0.01005EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/11 7:9 a.m.3 views

undertow: invalid HTTP request with large chunk size

A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling...

6.5CVSS5.7AI score0.01005EPSS
Exploits0References4
CNVD
CNVD
added 2020/04/28 12:0 a.m.2 views

Red Hat Undertow Input Validation Error Vulnerability

Red Hat Undertow is a U.S. Red Hat Red Hat, a Java-based embedded Web server, is the default Web server Wildfly Java application server. A security vulnerability exists in Red Hat Undertow that stems from allowing invalid characters in HTTP requests. An attacker could exploit this vulnerability t...

5.8CVSS6.2AI score0.01147EPSS
Exploits0References1
OSV
OSV
added 2020/01/30 7:15 p.m.3 views

CVE-2020-3147

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this...

7.5CVSS7.2AI score0.0228EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.100 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0243)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not sk...

8.6CVSS6.9AI score0.05177EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/12/26 4:40 p.m.27 views

CVE-2019-16789

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

8.2CVSS6.3AI score0.02587EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/02 12:0 a.m.30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0220)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not sk...

8.6CVSS6.9AI score0.05177EPSS
Exploits0References3
Prion
Prion
added 2019/11/15 9:15 p.m.15 views

Design/Logic Flaw

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data...

4CVSS6.2AI score0.00859EPSS
Exploits0References1Affected Software13
Rows per page
Query Builder