772 matches found

RedHat Linux
added 2022/05/11 6:46 p.m. · 5 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 5.7 AI score · 0.04935 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/05/11 6:25 p.m. · 3 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 5.7 AI score · 0.04935 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/05/11 6:23 p.m. · 3 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 5.7 AI score · 0.04935 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/05/11 6:11 p.m. · 3 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 5.7 AI score · 0.04935 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/05/11 6:10 p.m. · 3 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 5.7 AI score · 0.04935 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/05/11 5:58 p.m. · 2 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 5.7 AI score · 0.04935 EPSS
Exploits 0 · References 5

OSV
added 2022/05/11 8:0 a.m. · 6 views

CURL-CVE-2022-30115 HSTS bypass via trailing dot

curl's HSTS check could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the hostname in the given URL used ...

4.3 CVSS · 4.5 AI score · 0.01118 EPSS
Exploits 1

OSV
added 2022/05/11 8:0 a.m. · 6 views

CURL-CVE-2022-27779 cookie for trailing dot TLD

libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot. curl can be told to receive and send cookies when communicating using HTTPS. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support n...

5.3 CVSS · 5.2 AI score · 0.02414 EPSS
Exploits 1

curl security advisories
added 2022/05/11 8:0 a.m. · 8 views

cookie for trailing dot TLD

libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot. curl can be told to receive and send cookies when communicating using HTTPS. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support n...

5.3 CVSS · 6.5 AI score · 0.02414 EPSS
Exploits 1 · References 1 · Affected Software 2

curl security advisories
added 2022/05/11 8:0 a.m. · 7 views

HSTS bypass via trailing dot

curl's HSTS check could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the hostname in the given URL used ...

4.3 CVSS · 6.4 AI score · 0.01118 EPSS
Exploits 1 · References 1 · Affected Software 2

Hacker One
added 2022/05/11 7:10 a.m. · 60 views

Internet Bug Bounty: CVE-2022-30115: HSTS bypass via trailing dot

Advisory: https://curl.se/docs/CVE-2022-30115.html Original Report: https://hackerone.com/reports/1557449 Impact HSTS bypass...

4 CVSS · 6.3 AI score · 0.01118 EPSS
Exploits 1

Hacker One
added 2022/05/11 7:2 a.m. · 106 views

Internet Bug Bounty: CVE-2022-27779: cookie for trailing dot TLD

Published Advisory: https://curl.se/docs/CVE-2022-27779.html Original Report: https://hackerone.com/reports/1553301 Impact This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. ie. conduct session fixation attacks...

5 CVSS · 6.6 AI score · 0.02414 EPSS
Exploits 1

CNNVD
added 2022/05/11 12:0 a.m. · 1 views

curl security vulnerability

curl is a tool used to transfer data from and to servers. curl versions 7.82.0 to 7.83.1 are vulnerable to an information disclosure vulnerability that stems from the fact that libcurl incorrectly allows cookies to be set for top-level domains (TLDs) if the hostname has a trailing dot, which can te...

5.3 CVSS · 6.8 AI score · 0.02414 EPSS
Exploits 1 · References 11

UbuntuCve
added 2022/05/11 12:0 a.m. · 36 views

CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support not provided, a more rudimentary check...

5.3 CVSS · 6.8 AI score · 0.02414 EPSS
Exploits 1 · References 3

RedhatCVE
added 2022/05/10 5:31 p.m. · 58 views

CVE-2022-23267

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS · 2.3 AI score · 0.04935 EPSS
Exploits 0 · References 4

Hacker One
added 2022/05/03 9:3 a.m. · 58 views

curl: CVE-2022-30115: HSTS bypass via trailing dot

curl allows users to load a HSTS cache which will cause curl to use HTTPS instead of HTTP given a HTTP URL for a given site specified in the HSTS cache. If the trailing dot is used, the HSTS check will be bypassed. If a user has a preloaded hsts.txt: Your HSTS cache. https://curl.se/docs/hsts.htm...

4 CVSS · 0.3 AI score · 0.01118 EPSS
Exploits 1

GithubExploit
added 2022/04/29 5:23 p.m. · 10 views

Exploit for Unrestricted Upload of File with Dangerous Type in Intelliants Subrion_Cms

SubrionCMS-4.2.1-File-upload-RCE-auth- This is an edited versi...

7.2 CVSS · 7.1 AI score · 0.64261 EPSS
Exploits 10

Hacker One
added 2022/04/28 8:30 a.m. · 98 views

curl: CVE-2022-27779: cookie for trailing dot TLD

Summary: In CVE-2014-3620 curl prevents cookies from being set for Top Level Domains (TLDs). According to the advisory, curl's "cookie parser has no Public Suffix awareness", but it will "reject TLDs from being allowed". However, a cookie can still be set for a TLD + trailing dot. A trailing dot...

5 CVSS · 6.8 AI score · 0.04876 EPSS
Exploits 1

Positive Technologies
added 2022/04/27 12:0 a.m. · 5 views

PT-2022-16958 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1 Description: The issue allows creating files and folders with leading and trailing \n, \r, \t, and \v characters. The server rejects these characters when they appear in the...

7.5 CVSS · 5.2 AI score · 0.02421 EPSS
Exploits 3 · References 29

OSV
added 2022/04/11 8:15 p.m. · 2 views

UBUNTU-CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

5.3 CVSS · 6 AI score · 0.00846 EPSS
Exploits 0 · References 6