2469 matches found
CVE-2023-4958
CVE-2023-4958 affects Red Hat Advanced Cluster Security (RHACS). The vulnerability is that some security-related HTTP headers are missing in RHACS web UI, enabling a clickjacking-style attack where an attacker entices a valid RHACS user to visit a malicious page that redirects to RHACS endpoints,...
Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip
Description: The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon...
Antispam Bee < 2.11.4 - IP Address Spoofing via get_client_ip
Description: The Antispam Bee plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.11.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass country blocking...
CVE-2023-49082
A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...
Apache Tomcat Request Smuggling Vulnerability (Nov 2023) - Windows
Apache Tomcat is prone to a request smuggling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:tomcat"; if...
CVE-2023-46589
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...
Apache Tomcat 9.0.0.M1 < 9.0.83
The version of Tomcat installed on the remote host is prior to 9.0.83. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.83_security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-...
GHSA-HX93-GC73-5RPR Exposure of Sensitive Information in Elastic APM .NET Agent
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
CVE-2023-48365
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...
Input validation
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...
CVE-2023-46121
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary URL, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
CVE-2023-48365
CVE-2023-48365 affects Qlik Sense Enterprise for Windows. The issue arises from improper validation of HTTP headers, enabling an unauthenticated remote attacker to tunnel HTTP requests and execute them on the backend server hosting the repository application (RCE potential). This vulnerability is...
CVE-2023-37978
Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...
Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...
CVE-2023-37978
The CVE-2023-37978 entry concerns the WordPress HTTP Headers plugin. Affected versions are
CVE-2023-37978 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...