Lucene search
+L

164 matches found

OSV
OSV
added 2023/05/10 12:0 a.m.3 views

UBUNTU-CVE-2023-32206

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

6.5CVSS6.9AI score0.00703EPSS
Exploits0References6
OSV
OSV
added 2023/05/03 12:15 a.m.3 views

DEBIAN-CVE-2023-2465

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.2AI score0.00966EPSS
Exploits0References1
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2023/05/02 12:0 a.m.215 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 113 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 113.0.5672.63 Linux and Mac, 113.0.5672.63/.64 Windows contains a number of fixes and improvements -- a list of changes is...

8.8CVSS6.5AI score0.00968EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.28 views

Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2023-113)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-113 advisory. Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked...

7.5CVSS7.2AI score0.01336EPSS
Exploits4References6
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.11 views

Debian: Security Advisory (DLA-113-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.0155EPSS
Exploits0References2
NVD
NVD
added 2023/01/03 5:15 p.m.18 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.4CVSS5.5AI score0.00463EPSS
Exploits0References1
Prion
Prion
added 2023/01/03 5:15 p.m.26 views

Crlf injection

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.8CVSS5.5AI score0.00463EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/03 4:58 p.m.13 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.4CVSS7AI score0.00463EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 4:58 p.m.23 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.4CVSS5.8AI score0.00463EPSS
Exploits0References1
CVE
CVE
added 2023/01/03 4:58 p.m.58 views

CVE-2022-42471

FortiWeb is affected by CVE-2022-42471 due to improper neutralization of CRLF sequences in HTTP headers (HTTP Response Splitting). The issue affects FortiWeb versions 7.0.0–7.0.2, 6.4.0–6.4.2, and 6.3.6–6.3.20, allowing an authenticated, remote attacker to inject arbitrary headers. Root cause: im...

5.4CVSS5.6AI score0.00463EPSS
Exploits0References1Affected Software1
Fortinet
Fortinet
added 2023/01/03 12:0 a.m.64 views

FortiWeb - header injection in FortiWeb API

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers...

4.4AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.6 views

Western Digital My Cloud Home 路径遍历漏洞

Western Digital My Cloud Home is an easy-to-use personal cloud storage device from Western Digital. It plugs directly into a Wi-Fi router to protect your digital life. A security vulnerability exists in Western Digital My Cloud Home, which stems from an HTTP API that allows an attacker to abuse...

4.3CVSS5.1AI score0.00313EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/08/16 12:0 a.m.6 views

Upgraded Q -> M from 113 [1660684075488]

Judge has assessed an item in Issue 113 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Fedora
Fedora
added 2022/03/17 2:42 p.m.14 views

[SECURITY] Fedora 34 Update: pesign-113-18.fc34

This package contains the pesign utility for signing UEFI binaries as well as other associated tools...

2.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/12/14 12:0 a.m.32 views

Adobe Photoshop 22.x < 22.5.4 / 23.x < 23.1 Multiple Vulnerabilities (APSB21-113)

The version of Adobe Photoshop installed on the remote Windows host is prior to 22.5.4/23.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-113 advisory. - Adobe Photoshop versions 23.0.2 and 22.5.4 and earlier are affected by an out-of-bounds write vulnerabili...

7.8CVSS8.2AI score0.00339EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2021/01/20 12:0 a.m.202 views

Backdoor.Win32.Whisper.b Remote Stack Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whisper.b Vulnerability: Remote Stack Corruption Description: Whisper.b listens on TC...

Exploits0
0day.today
0day.today
added 2021/01/20 12:0 a.m.56 views

Linux/x86 - Socat Bind Shellcode (113 bytes)

/ Exploit Title: Linux/x86 - Socat Bind Shellcode 113 bytes Author: Felipe Winsnes Tested on: Debian x86 Shellcode Length: 113 global start section .text start: xor eax, eax push eax PUSH 0x30303030 ; "tcp-listen:10000" PUSH 0x313a6e65 PUSH 0x7473696c PUSH 0x2d706374 mov esi, esp push eax PUSH...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/04/03 3:23 p.m.112 views

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)

Impact - Cross Site Scripting - Cache Poisoning - Page Hijacking Patches This was fixed in version 2.2.1. Workarounds If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References CWE-113: Improper...

9.8CVSS0.1AI score0.01563EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2020/02/21 12:0 a.m.139 views

D-Link DGS-1250 Header Injection

D-Link DGS-1250 header injection vulnerability ============================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview -------- D-Link DGS-1250 switch is susceptible to a header injection...

Exploits0
NVD
NVD
added 2019/12/27 9:15 p.m.21 views

CVE-2014-3136

Cross-site request forgery CSRF vulnerability in D-Link DWR-113 Rev. Ax with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors...

8.8CVSS8.9AI score0.02889EPSS
Exploits5References3
Rows per page
Query Builder