Lucene search
K

109 matches found

CNNVD
CNNVD
added 2023/03/15 12:0 a.m.6 views

Array Networks ArrayOS AG 授权问题漏洞

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks that enables secure remote access regardless of user, device or location. It provides scalable and controllable remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device,...

9.8CVSS8.8AI score0.67645EPSS
Exploits0References2
OSV
OSV
added 2023/02/16 7:15 p.m.3 views

CVE-2022-42472

A improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10,...

5.4CVSS5.8AI score0.00464EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.2 views

SUSE CVE-2015-5251

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

5.5CVSS6.9AI score0.02035EPSS
Exploits0References4
OSV
OSV
added 2023/01/01 8:15 a.m.5 views

CVE-2022-45027

perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address...

5.3CVSS5.8AI score0.00601EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.5 views

WordPress plugin RSFirewall 1.1.25 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.4AI score0.00509EPSS
Exploits1References3
OSV
OSV
added 2022/12/08 8:15 p.m.7 views

AZL-35113 CVE-2022-41717 affecting package prometheus for versions less than 2.45.4-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/11/21 11:15 a.m.5 views

CVE-2022-1581

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

5.3CVSS5.8AI score0.0063EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.5 views

Bifrost 授权问题漏洞

Bifrost is brokercap individual developers for production environments for MySQL, MariaDB synchronization to Redis, ClickHouse, Elasticsearch and other services, heterogeneous middleware . A security vulnerability exists in Bifrost versions prior to 1.8.8. An attacker exploiting this vulnerabilit...

8.8CVSS7.9AI score0.00727EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.5 views

PT-2022-16781 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions 2.10.x through 2.10.3 Description: The issue is related to Quarkus not terminating HTTP requests header context, which may lead to unpredictable behavior. This is a problem in the framework that can cause unexpected outcomes...

9.8CVSS6.9AI score0.01497EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2022/08/17 12:0 a.m.8 views

PT-2022-13632 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server version V1.22 Description: A denial-of-service condition can be created in the software by sending a crafted HTTP packet with a large content-length header. This issue affects the Softing Secure Integration...

7.5CVSS7.3AI score0.01324EPSS
Exploits0References5
OSV
OSV
added 2022/08/01 4:15 p.m.4 views

CVE-2022-34163

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333...

6.1CVSS5.7AI score0.00583EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.6 views

Rockwell Automation MicroLogix 1100 和 1400 安全漏洞

The Rockwell Automation MicroLogix 1400 and Rockwell Automation MicroLogix 1100 are both products of Rockwell Automation, Inc.The Rockwell Automation MicroLogix 1400 is a programmable logic controller. The Rockwell Automation MicroLogix 1400 is a programmable logic controller.The Rockwell...

6.5CVSS6.6AI score0.01051EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.7 views

CVE-2022-1762

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

7.5CVSS7.1AI score0.01191EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.6 views

Dotnet 代码问题漏洞

Dotnet is an open source http web framework. A code issue vulnerability exists in Dotnet that stems from an error in the HTTP header of the product's ASP.NET Core Krestel component. An attacker could cause a denial of service via this vulnerability...

5.5AI score
Exploits0References3
OSV
OSV
added 2021/10/19 7:15 p.m.5 views

CVE-2021-31349

The usage of an internal HTTP header created an authentication bypass vulnerability CWE-287, allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to...

9.8CVSS5.9AI score0.01666EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.4 views

Afian AB FileRun 跨站脚本漏洞

Afian Ab Afian AB FileRun is an extensible file manager from Afian AB Afian Ab, Sweden, that features file sharing, cloud file storage, and more. Afian AB FileRun 2021.03.26 A cross-site scripting vulnerability exists that allows attackers to store cross-site scripts via HTTP X-Forwarded-For...

6.1CVSS5.9AI score0.00712EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.3 views

imgurl跨站脚本漏洞

imgurl is a simple, pure graph bed program developed using PHP + SQLite 3. A cross-site scripting vulnerability exists in imgURL version 2.31, which allows attackers to trigger cross-site scripting via the X-Forwarded-For HTTP header...

5.4CVSS5.5AI score0.00527EPSS
Exploits1References2
OSV
OSV
added 2021/05/28 12:15 p.m.1 views

ALPINE-CVE-2021-33620

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service affecting availability to all clients via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server...

6.5CVSS6.8AI score0.79583EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/12/18 12:0 a.m.3 views

The vulnerability of the Twisted Web network framework’s component, allowing a hacker to cause a service failure

The vulnerability of the Twisted Web network framework’s component involves insufficient validation of input data during the processing of HTTP headers. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

10CVSS7.3AI score0.03298EPSS
Exploits1References15Affected Software10
BDU FSTEC
BDU FSTEC
added 2020/12/10 12:0 a.m.22 views

The vulnerability of the microprogramming software for Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 allows a hacker to obtain information about the SMTP server configuration, including user logins and passwords.

The vulnerability of the microprogramming software in Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 controllers is related to security mechanism failures. Exploiting this vulnerability can allow attackers to obtain information about the SMTP server configuration, includin...

5.3CVSS5.5AI score0.00898EPSS
Exploits0References2
Rows per page
Query Builder