CVE-2024-43445 Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing

A vulnerability exists in OTRS and OTRS Community Edition that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects:...

CVE-2025-0697 Telstra Smart Modem Gen 2 HTTP Header injection

A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely...

CVE-2025-0697

Telstra Smart Modem Gen 2 (up to 20250115) is affected by a vulnerability in the HTTP Header Handler where manipulation of the Content-Disposition argument leads to injection. The issue can be triggered remotely. Affected component/file: HTTP Header Handler; root cause described as Content-Dispos...

CVE-2024-45687 HTTP Server incorrectly accepting disallowed characters within header values

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in Payara Platform Payara Server Grizzly, REST Management Interface modules, Payara Platform Payara Micro Grizzly modules allows Manipulating State, Identity Spoofing.This issue affects Payar...

squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

CLSA-2025-1737153996 squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

PT-2025-3014 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.6.0 FortiProxy versions 7.2.0 through 7.4.5 Description: The issue is related to an improper neutralization of crlf sequences in http headers, also known as 'http response splitting'. This allows an...

DEBIAN-CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

USN-7190-1 tinyproxy vulnerability

It was discovered that Tinyproxy did not properly manage memory during the parsing of HTTP connection headers. An attacker could use this issue to cause a DoS or possibly execute arbitrary code...

GHSA-GGWQ-XC72-33R3 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...

LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

NETGEAR R6900P/R7000P Buffer Overflow Vulnerability

The NETGEAR R6900P and R7000P are wireless routers from NETGEAR that provide high-speed Internet connectivity and network management capabilities. The NETGEAR R6900P and R7000P suffer from a buffer overflow vulnerability that stems from the sub16C4C function in the HTTP Header Handler component...

CVE-2024-12988

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-12988

Netgear R6900P/R7000P (1.3.3.154) are affected by CVE-2024-12988 in the HTTP Header Handler, sub_16C4C. The Host parameter is mishandled, causing a buffer overflow that can be exploited remotely; public exploit exists. These devices are no longer supported by the maintainer. Remediation/public pa...