
3707 matches found

Tenable Nessus
added 2023/08/02 12:0 a.m., 15 views

Moxa AWK-3131A Web Application bkpath HTTP Header Injection (CVE-2016-8720)

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter, which will be copied into the Location header of the HTTP...

4.3 CVSS, 5.1 AI score, 0.0118 EPSS
Exploits 2, References 2

IBM Security Bulletins
added 2023/08/01 4:29 p.m., 46 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)

Summary Vulnerabilities in golang before 1.19.11 affect the golang component that is used by IBM Event Streams CVE-2023-29406. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper conten...

6.5 CVSS, 7 AI score, 0.00344 EPSS
Exploits 0, Affected Software 1

GithubExploit
added 2023/07/25 1:36 a.m., 729 views

Exploit for Use of Externally-Controlled Format String in Asus Rt-Ac86U_Firmware

CVE-2023-35086-POC July 25 2023, Altin tin-z, github.com/t...

7.2 CVSS, 9.5 AI score, 0.75886 EPSS
Exploits 1

IBM Security Bulletins
added 2023/07/21 12:36 p.m., 36 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to HTTP header injection due to WebSphere Liberty Server (CVE-2022-34165)

Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty...

5.4 CVSS, 5.4 AI score, 0.00239 EPSS
Exploits 0, Affected Software 1

RedhatCVE
added 2023/07/21 7:30 a.m., 52 views

CVE-2023-29406

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

6.5 CVSS, 6.5 AI score, 0.00344 EPSS
Exploits 0, References 4

SUSE CVE
added 2023/07/21 2:24 a.m., 2 views

SUSE CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

7.5 CVSS, 7 AI score, 0.06131 EPSS
Exploits 1, References 3

RedHat Linux
added 2023/07/20 5:32 p.m., 3 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5 CVSS, 6.7 AI score, 0.00162 EPSS
Exploits 0, References 6

OSV
added 2023/07/20 1:15 a.m., 1 views

DEBIAN-CVE-2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...

8.1 CVSS, 7.8 AI score, 0.00151 EPSS
Exploits 0, References 1

NVD
added 2023/07/18 6:15 p.m., 16 views

CVE-2023-34329

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...

9.1 CVSS, 0.00021 EPSS
Exploits 0, References 2

Prion
added 2023/07/18 6:15 p.m., 21 views

Authentication flaw

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...

5.2 CVSS, 7.9 AI score, 0.00021 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/07/18 5:11 p.m., 20 views

CVE-2023-34329 Authentication Bypass via HTTP Header Spoofing

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...

9.1 CVSS, 8.6 AI score, 0.00021 EPSS
Exploits 0, References 2

Vulnrichment
added 2023/07/18 5:11 p.m., 10 views

CVE-2023-34329 Authentication Bypass via HTTP Header Spoofing

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...

9.1 CVSS, 8.2 AI score, 0.00021 EPSS
Exploits 0, References 2

CVE
added 2023/07/18 5:11 p.m., 112 views

CVE-2023-34329

CVE-2023-34329 affects AMI MegaRAC SP-X BMC (SPx12). The vulnerability enables authentication bypass by spoofing the HTTP header, potentially compromising confidentiality, integrity and availability. Documented impact is that an attacker with appropriate access could bypass authentication to perf...

9.1 CVSS, 8.1 AI score, 0.00021 EPSS
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2023/07/18 12:0 a.m., 3 views

PT-2023-24816

Name of the Vulnerable Software and Affected Versions AMI MegaRAC SPx12 affected versions not specified Description The issue allows a user to bypass authentication by spoofing the HTTP header, potentially leading to loss of confidentiality, integrity, and availability. This is achieved by...

9.1 CVSS, 8.7 AI score, 0.00021 EPSS
Exploits 0, References 11

Hacker One
added 2023/07/17 12:43 p.m., 60 views

curl: CVE-2023-38039: HTTP header allocation DOS

A vulnerability was discovered in curl that allowed an attacker to cause a denial-of-service (DoS) condition on a user's system. By setting up a malicious HTTP server and continuously sending new headers, the attacker could exhaust system resources, leading to system instability or crash. The issue...

7.5 CVSS, 7.5 AI score, 0.14467 EPSS
Exploits 1

SUSE CVE
added 2023/07/15 2:18 a.m., 4 views

SUSE CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

6.5 CVSS, 7 AI score, 0.00207 EPSS
Exploits 2, References 5

CNVD
added 2023/07/14 12:0 a.m., 25 views

Apache Pulsar Authorization Issues Vulnerability

Apache Pulsar is a distributed message-streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight function computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication,...

8.2 CVSS, 6.6 AI score, 0.00114 EPSS
Exploits 0, References 1

RedhatCVE
added 2023/07/13 4:35 p.m., 33 views

CVE-2023-28362

A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance o...

4.7 CVSS, 6.1 AI score, 0.00207 EPSS
Exploits 2, References 4

IBM Security Bulletins
added 2023/07/12 4:50 p.m., 25 views

Security Bulletin: There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite

Summary There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevat...

9.8 CVSS, 8.3 AI score, 0.01278 EPSS
Exploits 5, Affected Software 1

Github Security Blog
added 2023/07/12 12:31 p.m., 23 views

Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

8.2 CVSS, 6.5 AI score, 0.00114 EPSS
Exploits 0, References 3, Affected Software 1