Internet Bug Bounty: CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type

undici library should be protects HTTP headers from CRLF injection vulnerabilities. However, CRLF injection exists in the ‘content-type’ header of undici.request api. Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more...

Duplicate HTTP Headers Detected

Multiple HTTP headers of the same name have been detected. RFC 7230 states a server must not generate multiple header fields with the same field name unless either the entire field value for that header field is defined as a comma-separated list, or the header field is a well-known exception...

CVE-2022-1600

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

Design/Logic Flaw

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

CVE-2022-1600 YOP Poll < 6.4.3 - IP Spoofing

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions. PoC When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

Schneider Electric Modicon Out-of-bounds Write (CVE-2022-34759)

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...

GHSA-3CVR-822R-RQCC undici before v5.8.0 vulnerable to CRLF injection in request headers

Impact It is possible to inject CRLF sequences into request headers in Undici. js const undici = require'undici' const response = undici.request"http://127.0.0.1:1000", headers: 'a': "\r\nb" The same applies to path and method Patches Update to v5.8.0 Workarounds Sanitize all HTTP headers from...

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

CVE-2022-31150 CRLF injection in request headers

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

Oracle Linux 8 : grub2 (ELSA-2022-9595)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9595 advisory. - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697...

Oracle Linux 9 : grub2 (ELSA-2022-9596)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9596 advisory. - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Tenable has extracted the preceding descripti...

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

CVE-2022-34759

CVE-2022-34759 describes a CWE-787Out-of-bounds Write vulnerability that could cause a denial of service to the webserver due to improper parsing of HTTP headers. Affected Schneider Electric devices include the X80 advanced RTU Communication Module BMENOR2200H (V1.0) and the OPC UA Modicon Commun...

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

Rocky Linux 8 : grub2, mokutil, shim, and shim-unsigned-x64 (RLSA-2022:5095)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5095 advisory. - A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space...

Oracle Linux 9 : grub2 (ELSA-2022-5099)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5099 advisory. - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Tenable has extracted the preceding descripti...

OESA-2022-1734 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advanc...

WordPress plugin WP-EMail has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin WP-EMail version 2.69.0 has a security vulnerability that stems from obtaining a...