Design/Logic Flaw

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions...

WordPress plugin WP-EMail 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin WP-EMail version 2.69.0 has a security vulnerability that stems from obtaining a...

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

grub2, mokutil, shim, and shim-unsigned-x64 security update

An update is available for shim, mokutil. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader...

grub2, mokutil, shim, and shim-unsigned-x64 security update

An update is available for grub2, shim, shim-unsigned-x64, mokutil. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the...

Denial Of Service (DoS)

grub2 is vulnerable to denial of service. The vulnerability exists due to out-of-bounds write when handling split HTTP headers which allows an attacker to crash the application via malicious input...

RHEL 8 : grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5095)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5095 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

RHEL 8 : grub2, mokutil, and shim (RHSA-2022:5098)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5098 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

RHEL 8 : grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5100)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5100 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

CVE-2022-27220

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks...

CVE-2022-1762

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

Design/Logic Flaw

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

SUSE: Security Advisory (SUSE-SU-2022:2038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for grub2 (SUSE-SU-2022:2035-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2022:2035-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2035-1 advisory. - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may tak...

SUSE SLES15 Security Update : grub2 (SUSE-SU-2022:2036-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2036-1 advisory. - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that t...

Sensitive header uncleared on same-host, cross-port redirect

Description Sensitive headers are uncleared on cross-port redirect Proof of Concept poc.php 'http://10.0.2.4', ;...

Design/Logic Flaw

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a loc...

CVE-2022-29227 Use after free in Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local...

CVE-2022-29227 Use after free in Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local...