2469 matches found
.NET 5.0 security and bugfix update
An update is available for dotnet5.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
GHSA-JH6M-3PQW-242H Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers via cURL we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in...
Ipsourcebypass - This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers
This Python script can be used to bypass IP source restrictions using HTTP headers. Features: 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detecting most successful bypasses. Usage $ ./ipsourcebypass.py -h IP source bypass using HTTP headers, v1.1 usage:...
CVE-2021-40339
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...
Design/Logic Flaw
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...
CVE-2021-40339 OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...
CVE-2021-40339
Hitachi Energy LinkOne (WebView) is affected by CVE-2021-40339 due to a misconfiguration: the application lacks HTTP headers, enabling an attacker to retrieve sensitive information. Affected versions are LinkOne WebView 3.20, 3.22, 3.23, 3.24, 3.25, and 3.26. The CVE entry describes a configurati...
Mageia: Security Advisory (MGASA-2018-0428)
The remote host is missing an update for the...
CVE-2021-45226
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...
Input validation
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...
CVE-2021-45226
CVE-2021-45226 affects COINS Construction Cloud 11.12. The root cause is improper validation of user-controlled HTTP headers, which can cause the system to send password-reset emails to arbitrary websites. This creates risk of phishing/credential misuse via misdirected password resets. The vulner...
PT-2022-12311 · Unknown · Coins Construction Cloud
Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: An issue was discovered due to improper validation of user-controlled HTTP headers, allowing attackers to cause the system to send password-reset e-mails pointing to arbitrary websites...
Log4Shell HTTP Scanner
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injectin...
OPENSUSE-SU-2021:4104-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc bsc1183374. - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server bsc1189241. - CVE-2021-3737: Fixed ReDoS in urllib.request...
SUSE-SU-2021:4104-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc bsc1183374. - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server bsc1189241. - CVE-2021-3737: Fixed ReDoS in urllib.request...
Security update for python3 (moderate)
openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2021:4104-1 Rating: moderate References: 1180125 1183374 1183858 1185588 1187668 1189241 1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 NVD : 5.7...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 A Zeek package which raises notices, tags HTTP...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Northwave Log4j CVE-2021-44228 checker Friday 10 December 202...