CVE-2023-4463 Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...
CVE-2023-4463
The CVE-2023-4463 entry affects Poly CCX 400, CCX 600, Trio 8800, and Trio C60. The vulnerability is in the HTTP Header Handler component, where manipulating the Cookie argument can cause denial of service. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Con...
PT-2023-29275 · Poly · Poly Ccx 400 +3
Name of the Vulnerable Software and Affected Versions: Poly CCX 400 (affected versions not specified); Poly CCX 600 (affected versions not specified); Poly Trio 8800 (affected versions not specified); Poly Trio C60 (affected versions not specified). Description: A vulnerability was found in the HTTP Header...
What is maximum HTTP header length on NetScaler
This article explains the maximum HTTP header length on NetScaler...
actionpack: Possible XSS via User Supplied Values to redirect_to
A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance o...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability exists because the readChunkLine function in chunked.go does not properly check the bytes from the request or response body. A malicious attacker can exploit this to cause a server to automatically read a large amount ...
Qlik Sense Enterprise HTTP Tunneling RCE
The version of Qlik Sense Enterprise installed on the remote Windows host is prior to November 2021 Patch 17, February 2022 prior to Patch 15, May 2022 prior to Patch 16, August 2022 prior to Patch 14, November 2022 prior to Patch 12, February 2023 prior to Patch 10, May 2023 prior to Patch 6 or...
Security Bulletin: IBM Cloud Pak for Data Scheduling was built with a vulnerable golang compiler. (CVE-2023-29406, CVE-2023-29409)
Summary: Golang compiler is used by IBM Cloud Pak for Data Scheduling to build the scheduler binaries. Vulnerability Details: CVEID: CVE-2023-29406. DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper contents validation of Host header by the HTTP/1 client. By persuading...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Open Redirect
apache-superset is vulnerable to Open Redirect. The vulnerability is caused by a lack of validation of the HTTP Host header. An authenticated attacker can spoof the HTTP Host header and redirect users to a website of the attacker's choice. An attacker can perform a phishing attack by exploiting this...
CVE-2023-42502
Affected software: Apache Superset. Vulnerability: open redirect via spoofing the HTTP Host header. Root cause: authenticated attackers with update datasets permission can modify a dataset link to point to an untrusted site, causing users to be redirected when clicking that dataset. Impact: poten...
SUSE-SU-2023:4589-1 Security update for squid
This update for squid fixes the following issues: - CVE-2023-46728: Remove gopher support (bsc1216926). - Fixed overread in HTTP request header parsing (bsc1217274)...
GLSA-202311-09 : Go: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202311-09 Go: Multiple Vulnerabilities - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to HTTP header injection due to [CVE-2023-29406]
Summary: Golang Go is used by IBM App Connect Enterprise Certified Container in the operator catalog, the operator and its operands. The IBM App Connect Enterprise Certified Container operator and the IntegrationServer & IntegrationRuntime operands are vulnerable to HTTP header injection leading t...
CVE-2021-22143
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
Design/Logic Flaw
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
CVE-2021-22143
CVE-2021-22143 affects the Elastic APM .NET Agent, where sensitive HTTP header information can be leaked when logging errors because headers may not be sanitized before being sent to the APM server. This vulnerability concerns the Elastic APM .NET Agent components involved in error logging and he...
CVE-2021-22143 Elastic APM .NET Agent information disclosure
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...