
7081 matches found

RedHat Linux
added 2021/06/03 11:22 a.m. · 2 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5 · AI score 7.2 · EPSS 0.03772
Exploits: 0 · References: 5
RedHat Linux
added 2021/06/03 11:21 a.m. · 4 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5 · AI score 7.2 · EPSS 0.03772
Exploits: 0 · References: 5
CNNVD
added 2021/06/03 12:0 a.m. · 4 views

McAfee Security Vulnerability

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...

AI score 5.6
Exploits: 0 · References: 1
OSV
added 2021/06/02 1:15 p.m. · 4 views

CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

CVSS 8 · AI score 7.3 · EPSS 0.0187
Exploits: 0 · References: 1
NVD
added 2021/06/02 1:15 p.m. · 16 views

CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

CVSS 9 · EPSS 0.0187
Exploits: 0 · References: 1
OSV
added 2021/06/02 1:15 p.m. · 2 views

CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2021/06/02 12:0 a.m. · 5 views

PT-2021-15597 · Mcafee · Mcafee Database Security

Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2. Description: The issue allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent t...

CVSS 9 · AI score 7.9 · EPSS 0.0187
Exploits: 0 · References: 3
CNNVD
added 2021/06/02 12:0 a.m. · 3 views

Mcafee Database Security Server Code Issue Vulnerability

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...

CVSS 10 · AI score 5.8 · EPSS 0.02242
Exploits: 0 · References: 2
CNNVD
added 2021/06/02 12:0 a.m. · 5 views

Mcafee Database Security Server Code Issue Vulnerability

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...

CVSS 9 · AI score 5.8 · EPSS 0.0187
Exploits: 0 · References: 3
RedHat Linux
added 2021/06/01 4:12 a.m. · 4 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 · AI score 7.3 · EPSS 0.02893
Exploits: 0 · References: 5
Tenable Nessus
added 2021/06/01 12:0 a.m. · 26 views

FreeBSD : Prometheus -- arbitrary redirects (59ab72fb-bccf-11eb-a38d-6805ca1caf5c)

Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New UI. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...

CVSS 6.5 · AI score 6.6 · EPSS 0.1956
Exploits: 0 · References: 2
CNVD
added 2021/05/31 12:0 a.m. · 7 views

IBM Application Gateway Information Disclosure Vulnerability

IBM Application Gateway is an application gateway from IBM America, Inc. It provides a containerized, secure Web Reverse Proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. An information disclosure...

CVSS 9 · AI score 5.9 · EPSS 0.02476
Exploits: 0 · References: 1
Kitploit
added 2021/05/29 12:30 p.m. · 525 views

slopShell - The Only Php Webshell You Need

php webshell. Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file upload (yourself, in an educational environment) and a way to send http requests to this webshell. Basic Usage Video Hosted on Youtube: Current VT Detection...

AI score 6.9
Exploits: 0 · References: 5
CNNVD
added 2021/05/28 12:0 a.m. · 7 views

IBM Application Gateway Security Vulnerability

IBM Application Gateway is an application gateway from IBM America, Inc. It provides a containerized, secure Web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. A security vulnerability exists in I...

CVSS 9 · AI score 6.3 · EPSS 0.02476
Exploits: 0 · References: 3
RedHat Linux
added 2021/05/26 7:41 a.m. · 1 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5 · AI score 7.2 · EPSS 0.03772
Exploits: 0 · References: 5
Gentoo Linux
added 2021/05/26 12:0 a.m. · 325 views

nginx: Remote code execution

Background: nginx is a robust, small, and high performance HTTP and reverse proxy server. Description: It was discovered that nginx did not properly handle DNS responses when the “resolver” directive is used. Impact: A remote attacker, able to provide DNS responses to a nginx instance, could cause the...

CVSS 7.7 · AI score 7.5 · EPSS 0.52838
Exploits: 10
OSV
added 2021/05/21 2:26 p.m. · 11 views

GHSA-6QGM-FV6V-RFPV Overflow/denial of service in `tf.raw_ops.ReverseSequence`

Impact: The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or CHECK-fail based denial of service. Python: `import tensorflow as tf` `input = tf.zeros([1, 1, 1], dtype=tf.int32)` `seq_lengths = tf.constant([0], shape=[1], dtype=tf.int32)` `tf.raw_ops.ReverseSequence(input=input,`...

CVSS 2.5 · AI score 5.9 · EPSS 0.00198
Exploits: 1 · References: 7
OSV
added 2021/05/21 2:24 p.m. · 2 views

GHSA-FXQH-CFJM-FP93 Division by 0 in `Reverse`

Impact: An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. Python: `import tensorflow as tf` `tensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32)` `dims = tf.constant([False, True, False], shape=[3], dtype=tf.bool)` `tf.raw_ops.Reverse(tensor=tensor_input, dims=dims)` This i...

CVSS 2.5 · AI score 5.8 · EPSS 0.00189
Exploits: 1 · References: 7
CNNVD
added 2021/05/20 12:0 a.m. · 4 views

Admidio Code Issue Vulnerability

Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A security vulnerability exists in versions prior to Admidio 4.0.4, which stems from the fact that someone with upload privileges c...

CVSS 9.6 · AI score 7.9 · EPSS 0.01562
Exploits: 1 · References: 4
OSV
added 2021/05/19 8:15 p.m. · 20 views

CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New UI. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

CVSS 6.1 · AI score 6.6
Exploits: 0 · References: 3