3707 matches found
CVE-2018-18837
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
CVE-2018-18837
CVE-2018-18837 affects Netdata 1.10.0 and is described as HTTP Header Injection via the api/v1/data filename parameter due to web_client_api_request_v1_data in web/api/web_api_v1.c. The vulnerability is categorized as a header injection issue (CVSS details shown in the entry: CVSSv3 base score 6....
HTTP Header Information Disclosure
The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and technologies used by the web server. No source data...
CRLF Injection
Python is vulnerable to CRLF Injection. A remote unauthenticated attacker could exploit the flaw by controlling a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ? character followed by an HTTP header o...
CRLF Injection
Python is vulnerable to CRLF Injection. A remote unauthenticated attacker could exploit the flaw by controlling a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header or a Redis comman...
Cuvva: Clickjacking in ops.cuvva.com
Hi, Description: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking contr...
Unauthorised Access
Envoy is vulnerable to an unauthorised access flaw. This occurs when parsing HTTP/1.x header values because Envoy does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header...
Privilege Escalation
Apache is vulnerable to privilege escalation attacks. The flaw exists in mod_userdir. An attacker could use it to inject CRLF characters into the HTTP header and could possibly gain access to secure data...
Siemens SIMATIC HMI Panels < 15.4 Integrated Webserver HTTP Header Injection
Cross-Site Scripting (XSS)
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting XSS flaw was found in the way the Red Hat Satellite web interface...
CRLF Injection
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting XSS flaw was found in the way the Red Hat Satellite web interface...
Remote Code Execution
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting XSS flaw was found in the way the Red Hat Satellite web interface...
Security Bulletin: API Connect V2018 is impacted by a vulnerability in Golang (CVE-2019-9741)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-9741 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper validation of input in http.NewRequest. By sending a specially-crafted request, a remote attacker cou...
CVE-2019-9900
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources...
CVE-2019-9900
Technical details about CVE-2019-9900 are not provided in the connected documents. The initial description notes an issue in Envoy 1.9.0 and earlier with HTTP header parsing, but no public details are included here; monitor for updates.
undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
istio/envoy: Authorization bypass via null characters injection in HTTP/1.x
A flaw was found in Envoy version 1.9.0 and older, where Envoy does not reject embedded zero characters (NUL, ASCII 0x0) when processing HTTP/1.x header values. This flaw allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules,...
CVE-2019-9947
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...