164 matches found
UBUNTU-CVE-2023-32206
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...
DEBIAN-CVE-2023-2465
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 113 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 113.0.5672.63 Linux and Mac, 113.0.5672.63/.64 Windows contains a number of fixes and improvements -- a list of changes is...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2023-113)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-113 advisory. Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked...
Debian: Security Advisory (DLA-113-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...
Crlf injection
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...
CVE-2022-42471
FortiWeb is affected by CVE-2022-42471 due to improper neutralization of CRLF sequences in HTTP headers (HTTP Response Splitting). The issue affects FortiWeb versions 7.0.0–7.0.2, 6.4.0–6.4.2, and 6.3.6–6.3.20, allowing an authenticated, remote attacker to inject arbitrary headers. Root cause: im...
FortiWeb - header injection in FortiWeb API
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers...
Western Digital My Cloud Home 路径遍历漏洞
Western Digital My Cloud Home is an easy-to-use personal cloud storage device from Western Digital. It plugs directly into a Wi-Fi router to protect your digital life. A security vulnerability exists in Western Digital My Cloud Home, which stems from an HTTP API that allows an attacker to abuse...
Upgraded Q -> M from 113 [1660684075488]
Judge has assessed an item in Issue 113 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...
[SECURITY] Fedora 34 Update: pesign-113-18.fc34
This package contains the pesign utility for signing UEFI binaries as well as other associated tools...
Adobe Photoshop 22.x < 22.5.4 / 23.x < 23.1 Multiple Vulnerabilities (APSB21-113)
The version of Adobe Photoshop installed on the remote Windows host is prior to 22.5.4/23.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-113 advisory. - Adobe Photoshop versions 23.0.2 and 22.5.4 and earlier are affected by an out-of-bounds write vulnerabili...
Backdoor.Win32.Whisper.b Remote Stack Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whisper.b Vulnerability: Remote Stack Corruption Description: Whisper.b listens on TC...
Linux/x86 - Socat Bind Shellcode (113 bytes)
/ Exploit Title: Linux/x86 - Socat Bind Shellcode 113 bytes Author: Felipe Winsnes Tested on: Debian x86 Shellcode Length: 113 global start section .text start: xor eax, eax push eax PUSH 0x30303030 ; "tcp-listen:10000" PUSH 0x313a6e65 PUSH 0x7473696c PUSH 0x2d706374 mov esi, esp push eax PUSH...
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Impact - Cross Site Scripting - Cache Poisoning - Page Hijacking Patches This was fixed in version 2.2.1. Workarounds If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References CWE-113: Improper...
D-Link DGS-1250 Header Injection
D-Link DGS-1250 header injection vulnerability ============================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview -------- D-Link DGS-1250 switch is susceptible to a header injection...
CVE-2014-3136
Cross-site request forgery CSRF vulnerability in D-Link DWR-113 Rev. Ax with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors...