SUSE-SU-2023:4589-1 Security update for squid
This update for squid fixes the following issues: - CVE-2023-46728: Remove gopher support bsc1216926. - Fixed overread in HTTP request header parsing bsc1217274...
GLSA-202311-09 : Go: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202311-09 Go: Multiple Vulnerabilities - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to HTTP header injection due to [CVE-2023-29406]
Summary: Golang Go is used by IBM App Connect Enterprise Certified Container in the operator catalog, the operator and its operands. The IBM App Connect Enterprise Certified Container operator and the IntegrationServer & IntegrationRuntime operands are vulnerable to HTTP header injection leading t...
CVE-2021-22143
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
Design/Logic Flaw
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
CVE-2021-22143 Elastic APM .NET Agent information disclosure
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
CVE-2021-22143
CVE-2021-22143 affects the Elastic APM .NET Agent, where sensitive HTTP header information can be leaked when logging errors because headers may not be sanitized before being sent to the APM server. This vulnerability concerns the Elastic APM .NET Agent components involved in error logging and he...
CVE-2023-48365
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
PT-2023-7288 · Unknown · Weston Embedded Uc-Http
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01. Description: A memory corruption issue exists in the HTTP Server header parsing functionality. This can be exploited by sending specially crafted network packets, potentially leading to code execution. ...
CVE-2018-8863
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...
Hardcoded credentials
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...
CVE-2018-8863
CVE-2018-8863 affects Philips EncoreAnywhere (APAC hosted web app); vulnerability arises from an HTTP header that exposes data enabling information disclosure. Affected product/version: EncoreAnywhere 2.36.3.3 or earlier. Impact: confidentiality impact (data exposure); CVSSv3 base score 5.9 (scor...
PT-2023-11230 · Philips · Philips Encoreanywhere
Name of the Vulnerable Software and Affected Versions: Philips EncoreAnywhere, affected versions not specified. Description: The issue concerns the HTTP header in Philips EncoreAnywhere, which contains data that an attacker may be able to use to gain sensitive information. Recommendations: At the...
USN-6473-1: urllib3 vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 22.04. Description: It was discovered that urllib3 didn’t strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. Thi...
Axios Cross-Site Request Forgery Vulnerability
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information...
GHSA-WF5P-G6VW-RHXX Axios Cross-Site Request Forgery Vulnerability
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information...