734 matches found
Cross site scripting
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
UBUNTU-CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
Movim Access Control Error Vulnerability
Movim is a syndicated blogging and chat platform that acts as a web front end for the XMPP protocol. A security vulnerability exists in Movim versions prior to 0.22Z, which stems from a lack of header validation, leading to a cross-site WebSocket hijacking issue...
PT-2023-21749 · Movim · Movim
Name of the Vulnerable Software and Affected Versions: Movim versions prior to 0.22 Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing header validation. Recommendations: For versions prior to 0.22, update to version 0.22 or later to resolve the...
Important: runc
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Important: containerd
Issue Overview: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed...
CVE-2023-40518
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...
Litespeed Technologie OpenLiteSpeed Security Breach
Litespeed Technologie OpenLiteSpeed is an open source web server from Litespeed Technologie. A security vulnerability exists in LiteSpeed OpenLiteSpeed versions prior to 1.7.18, which stems from not strictly validating HTTP request headers...
OESA-2023-1500 golang security update
The Go Programming Language. Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host o...
OESA-2023-1501 golang security update
The Go Programming Language. Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host o...
OESA-2023-1499 golang security update
The Go Programming Language. Security Fixes: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a...
Improper Header Validation
libopendkim.so is vulnerable to Improper Header Validation. The vulnerability exists due to the default setting used for the KeepAuthResults parameter in opendkim.c, which fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, allowing an attacker to send...
Denial Of Service (DoS)
grpc is vulnerable to Denial Of Service DoS. The vulnerability exists due to improper header validation which allows an attacker to send headers such as te: x x != trailers, scheme: x x != http, https, and grpclbclientstats: x x == anything, leading to the total header size being over 8kb,...
AZL-28831 CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
AZL-27410 CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
CVE-2023-29406 Insufficient sanitization of Host header in net/http
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...