Denial Of Service (DoS)

gsoap is vulnerable to denial of service DoS. The vulnerability exists in the WS-Security plugin functionality when processing a SOAP request...

CVE-2020-27728

On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon AVRD may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices...

CVE-2020-35453

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1...

RHEL 7 : squid (RHSA-2020:4082)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: HTTP...

CVE-2020-25255

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...

Design/Logic Flaw

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)

This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...

Cisco Data Center Network Manager getAllTemplate SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Cisco Data Center Network Manager getModules SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Cisco Data Center Network Manager getSanIslListWithPM SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Cisco Data Center Network Manager getVpcHistory SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Cisco Data Center Network Manager getSanZoneList SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

SUSE-SU-2019:3067-1 Security update for squid

This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...

OPENSUSE-SU-2019:2540-1 Security update for squid

This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...

Squid Cross-Site Request Forgery Vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A cross-site request forgery vulnerability exists in the HTTP request processing in Squid, which arises from a WEB...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery SSRF attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

Low: mod_http2

Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...

Denial Of Service (DoS)

Microsoft .NET Framework is vulnerable to denial of serviceDoS attacks. A remote user could send specially crafted requests to the target .NET web application to trigger a request processing error in the Microsoft Common Object Runtime Library and cause denial of service conditions which leads...

Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-13859)

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A denial of service vulnerability exists in Microsoft ASP.NET Core...