Microsoft Edge Fetch API allows setting of arbitrary request headers (CVE-2017-0140)
Introduction The Fetch API provides an interface for fetching resources including across the network. It will seem familiar to anyone who has used XMLHttpRequest, but the Fetch API provides a more powerful and flexible feature set. Starting in EdgeHTML 14, which ships with Windows 10 Anniversary...
CVE-2016-8024
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing...
CVE-2016-8024
The CVE-2016-8024 entry affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The vulnerability is HTTP Response Splitting caused by improper neutralization of CRLF sequences in HTTP headers, enabling a remote unauthenticated attacker to influence server responses and potentiall...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
Debian DLA-851-1 : wget security update
It was discovered that there was a header injection vulnerability in wget, a tool to retrieve files from the web, which allowed remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. For Debian 7 'Wheezy', this issue has been fixed in wget version...
CVE-2017-6508
A CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests, via CRLF sequences in the host sub-component of a URL, by tricking a user running wget into processing crafted URLs...
CVE-2017-6508
CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...
CVE-2017-5615
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...
CVE-2017-5615
CVE-2017-5615 affects the cgiemail and cgiecho binaries, enabling HTTP header injection by supplying a newline in the redirect location. Public references describe an open redirect and header-injection combination across related CVEs in the same package. The Debian advisory (DLA-869-1) fixes the ...
CVE-2017-6413
It was found that mod_auth_openidc did not properly sanitize HTTP headers for certain request paths. A remote attacker could potentially use this flaw to bypass authentication and access sensitive information by sending crafted HTTP requests...
Moderate: Red Hat Security Advisory: python-oslo-middleware security update
An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Gratipay: Content length restriction bypass can lead to DOS by reading large files on gip.rocks
Hello team, Introduction: Since you mentioned in the rules that all libraries listed on your GitHub repositories are in scope, I decided to take a look at http://gip.rocks Problem: The application reads an image file, converts it into smaller formats, zips it and lets the users download the...