Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache poisoning vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-47143
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 up to and including 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an malicious user to conduct various attacks against the vulnerable system...
Ibm Tivoli Application Dependency Discovery Manager
9.8
CVSSv3
CVE-2024-23653
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th...
Mobyproject Buildkit
3 Github repositories
9.8
CVSSv3
CVE-2023-27238
LavaLite CMS v 9.0.0 exists to be vulnerable to web cache poisoning.
Lavalite Lavalite 9.0.0
9.8
CVSSv3
CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 up to and including 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
Apache Http Server
8 Github repositories
9.8
CVSSv3
CVE-2022-34294
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
Totd Project Totd 1.5.3
9.8
CVSSv3
CVE-2021-39363
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
Honeywell Hdzp252di Firmware 1.00.hw02.4
Honeywell Hbw2per1 Firmware 1.000.hw01.3
9.8
CVSSv3
CVE-2021-41589
In Gradle Enterprise prior to 2021.3 (and Enterprise Build Cache Node prior to 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration use...
Gradle Build Cache Node
Gradle Enterprise
9.8
CVSSv3
CVE-2021-35474
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Apache Traffic Server
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2020-27619
In Python 3 up to and including 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Python Python
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.0
9.8
CVSSv3
CVE-2015-5741
The net/http library in net/http/transfer.go in Go prior to 1.4.3 does not properly parse HTTP headers, which allows remote malicious users to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Golang Go
Redhat Openstack 7.0
Redhat Openstack 8
Redhat Enterprise Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »