733 matches found
CVE-2021-4138
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...
geckodriver security vulnerability
geckodriver is an application program. It provides an HTTP API described by the WebDriver protocol to communicate with the Gecko browser. A security vulnerability exists in geckodriver versions prior to 0.30.0, which stems from improved host header checking to reject requests that are not sent to...
Design/Logic Flaw
A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...
VulnCheck KEV: CVE-2019-10068
Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution...
Input validation
Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voi...
GHSA-RVPC-W57P-Q95F HTTP Response Splitting in WSO2 transport-http
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...
CVE-2021-45226
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...
OESA-2021-1472 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
UBUNTU-CVE-2021-43797
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...
Netty environment issue vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. An environment issue vulnerability exists in Netty that stems from the fact that Netty is an asynchronous event-driven web...
The vulnerability of the Address Book component of the Microsoft Outlook client, which allows attackers to perform spoofing attacks
The vulnerability of the Address Book component in the Microsoft Outlook email client is related to insufficient validation of addresses in headers. Exploiting this vulnerability could allow attackers, operating remotely, to carry out spam attacks using externally similar IDN domains...
F5 Networks BIG-IP : Python tarfile library vulnerability (K78284681)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K78284681 advisory. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite...
Host Spoofing
typo3/cms is vulnerable to Host Spoofing. Improper validation of the HTTP Host header allows attackers to forge the header to any value, resulting in impersonation of a legitimate user...
Mitel Networks MiCollab authorization issue vulnerability
An authorization issue vulnerability exists in Mitel Networks MiCollab, a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing, and team collaboration for employees. The issue stems from the fact that the product's MiCollab Client Service component does not validate...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
Machform injection vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...
CVE-2021-23853
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
JetBrains YouTrack cross-site scripting vulnerability
YouTrack is a keyboard-based issue and project tracking tool from the Czech company JetBrains, primarily used for tracking tasks and defect correction arrangements during development. A cross-site scripting vulnerability exists in versions prior to JetBrains YouTrack 2021.1.9819. The vulnerabilit...
UPnP data forgery vulnerability
UPnP is a Universal Plug and Play protocol from the Open Connectivity Foundation. A data forgery vulnerability exists in Portable SDK version 1.14.6 and later in UPnP Devices because it does not check the value of the "host" header...