Lucene search
+L

131 matches found

NVD
NVD
added 2020/02/12 12:15 a.m.16 views

CVE-2020-8890

An issue was discovered in MISP before 2.4.121. It mishandled time skew between the machine hosting the web server and the machine hosting the database when trying to block a brute-force series of invalid requests...

5.9CVSS5.7AI score0.01089EPSS
Exploits0References3
NVD
NVD
added 2020/02/12 12:15 a.m.20 views

CVE-2020-8892

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests...

8.1CVSS8AI score0.01722EPSS
Exploits0References3
NVD
NVD
added 2019/12/26 5:15 p.m.20 views

CVE-2019-16789

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

8.2CVSS6.9AI score0.02587EPSS
Exploits0References8
OSV
OSV
added 2019/08/13 12:0 a.m.4 views

UBUNTU-CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

7.5CVSS7.1AI score0.82813EPSS
Exploits0References12
NVD
NVD
added 2019/07/09 6:15 a.m.23 views

CVE-2019-13449

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service continual focus grabs via a sequence of invalid launch?action=join&confno= requests to localhost port 19421...

6.5CVSS6.3AI score0.01997EPSS
Exploits1References5
Veracode
Veracode
added 2018/11/12 8:2 a.m.22 views

Hostname Enumeration

github.com/mholt/caddy is vulnerable to hostname enumeration. The vulnerability is possible because the library does not properly return correct certificates if the request is invalid. Using this loophole, an attacker can intentionally send repeated invalid requests with a nonexistent hostname in...

3.7CVSS4.4AI score0.00862EPSS
Exploits1References4Affected Software1
Citrix
Citrix
added 2018/08/09 12:0 a.m.10 views

How to enable "Drop Invalid HTTP Requests" from default HTTP Parameters

This article provides instructions onHow to enable "Drop Invalid HTTP Requests" from default HTTP Parameters...

7AI score
Exploits0
Prion
Prion
added 2018/07/10 6:29 p.m.20 views

Input validation

The SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation for example, where the request is validated for authenticity and validity and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server IGS d...

4.3CVSS5.8AI score0.01556EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/05/11 12:0 a.m.1 views

Unspecified Cross-Site Request Forgery Vulnerability in Multiple SAP Sybase Products

Several SAP Sybase products are products of SAP Germany. An unspecified cross-site request forgery vulnerability exists in multiple SAP Sybase products, which arises from a program that does not properly validate HTTP requests. A remote attacker could exploit the vulnerability to perform certain...

7AI score
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.4 views

MIT Kerberos 5 S4U2Self or S4U2Proxy Request Denial of Service Vulnerability

MIT Kerberos 5 is a set of network authentication protocols, which uses a client/server structure, and both the client and server side can authenticate each other, preventing eavesdropping, preventing replay attacks and so on. MIT Kerberos 5 has a security vulnerability in handling invalid S4U2Se...

6.5CVSS6.9AI score0.02397EPSS
Exploits0References1
OSV
OSV
added 2017/08/09 6:29 p.m.8 views

UBUNTU-CVE-2017-11368

In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests...

6.5CVSS6.8AI score0.02397EPSS
Exploits0References3
OSV
OSV
added 2017/08/04 9:29 a.m.3 views

DEBIAN-CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

7.5CVSS7.2AI score0.02416EPSS
Exploits0References1
OSV
OSV
added 2017/08/04 9:29 a.m.2 views

ALPINE-CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

7.5CVSS7.2AI score0.02416EPSS
Exploits0References1
OSV
OSV
added 2017/08/04 9:29 a.m.2 views

UBUNTU-CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

7.5CVSS5.9AI score0.02416EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2017/08/02 12:0 a.m.4 views

PT-2017-12550 · Varnish · Varnish Http Cache

Name of the Vulnerable Software and Affected Versions: Varnish HTTP Cache versions 4.0.1 through 4.0.4 Varnish HTTP Cache versions 4.1.0 through 4.1.7 Varnish HTTP Cache version 5.0.0 Varnish HTTP Cache versions 5.1.0 through 5.1.2 Description: An issue was discovered in the varnishd source code,...

7.5CVSS7.2AI score0.02416EPSS
Exploits0References25
OSV
OSV
added 2017/04/14 2:59 p.m.6 views

CVE-2017-7408

Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license...

7.5CVSS5.8AI score0.01906EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

PAFileDB 3.1 Error Message Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

MyAbraCadaWeb 1.0 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7126/info MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software...

7.1AI score
Exploits0
OSV
OSV
added 2013/03/11 4:0 a.m.5 views

UBUNTU-CVE-2013-1831

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...

5CVSS5.8AI score0.01393EPSS
Exploits0References2
OSV
OSV
added 2011/12/15 3:57 a.m.7 views

DEBIAN-CVE-2011-4597

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series ...

5CVSS6.5AI score0.03277EPSS
Exploits1References1
Rows per page
Query Builder