CVE-2023-52274
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header...
CVE-2023-52274
CVE-2023-52274 affects YzmCMS versions 6.5–7.0, where a cross-site scripting (XSS) vulnerability exists in member/index/register.html via the Referer HTTP header. The CNVD/NVD/OSV/CVE entries describe the root cause as insufficient filtering/escaping of user-supplied data in the Referer header, e...
CVE-2023-48256
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...
Medium: squid
Issue Overview: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to...
Security Bulletin: IBM Operational Decision Manager for December 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2023-37920...
SUSE-SU-2024:0034-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-49081: fixed an HTTP header injection via a crafted version bsc1217684...
SUSE-SU-2024:0033-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-49081: fixed an HTTP header injection via a crafted version bsc1217684...
CVE-2023-4463
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...
Design/Logic Flaw
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...
CVE-2023-4463
The CVE-2023-4463 entry affects Poly CCX 400, CCX 600, Trio 8800, and Trio C60. The vulnerability is in the HTTP Header Handler component, where manipulating the Cookie argument can cause denial of service. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Con...
CVE-2023-4463 Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...
PT-2023-29275 · Poly · Poly Ccx 400 +3
Name of the Vulnerable Software and Affected Versions: Poly CCX 400 (affected versions not specified); Poly CCX 600 (affected versions not specified); Poly Trio 8800 (affected versions not specified); Poly Trio C60 (affected versions not specified). Description: A vulnerability was found in the HTTP Header...
What is maximum HTTP header length on NetScaler
This article explains the maximum HTTP header length on NetScaler...
actionpack: Possible XSS via User Supplied Values to redirect_to
A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance o...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS). The vulnerability exists because the readChunkLine function in chunked.go does not properly check the bytes from the request or response body. A malicious attacker can exploit this to cause a server to automatically read a large amount ...
Qlik Sense Enterprise HTTP Tunneling RCE
The version of Qlik Sense Enterprise installed on the remote Windows host is prior to November 2021 Patch 17, February 2022 prior to Patch 15, May 2022 prior to Patch 16, August 2022 prior to Patch 14, November 2022 prior to Patch 12, February 2023 prior to Patch 10, May 2023 prior to Patch 6 or...
Security Bulletin: IBM Cloud Pak for Data Scheduling was built with a vulnerable golang compiler (CVE-2023-29406, CVE-2023-29409)
Summary Golang compiler is used by IBM Cloud Pak for Data Scheduling to build the scheduler binaries. Vulnerability Details CVEID: CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper contents validation of Host header by the HTTP/1 client. By persuading...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Open Redirect
apache-superset is vulnerable to Open Redirect. The vulnerability is caused by a lack of validation of the HTTP Host header. An authenticated attacker can spoof the HTTP Host header and redirect users to a website of the attacker's choice. An attacker can perform a phishing attack by exploiting this...
CVE-2023-42502
Affected software: Apache Superset. Vulnerability: open redirect via spoofing the HTTP Host header. Root cause: authenticated attackers with update datasets permission can modify a dataset link to point to an untrusted site, causing users to be redirected when clicking that dataset. Impact: poten...