Lucene search
K

68 matches found

RedHat Linux
RedHat Linux
added 2023/11/08 2:26 p.m.4 views

golang: net/http: insufficient sanitization of Host header

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

6.5CVSS6.9AI score0.0125EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/10/05 1:41 p.m.16 views

CVE-2023-44390 HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

6.1CVSS6.2AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/10/05 1:41 p.m.100 views

CVE-2023-44390

HtmlSanitizer is a .NET library for cleaning HTML; vulnerability arises when foreign content is allowed (svg or math in the allowed list), enabling bypass of sanitization and injection of arbitrary HTML/JavaScript. Default configuration is not affected. Affected versions and fix: fixed in 8.0.723...

6.1CVSS6AI score0.00363EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-5770

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

5CVSS7.4AI score0.0187EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/01/25 9:20 a.m.3 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/28 8:47 p.m.2 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

6.5CVSS6.6AI score0.01113EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:34 a.m.5 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

6.5CVSS6.6AI score0.01113EPSS
Exploits1References6
Snyk
Snyk
added 2022/07/15 11:4 p.m.6 views

Uncontrolled Recursion

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: A malicious HTTP server or client can cause the net/http client or server to panic.ReadRequest and ReadResponse can hit an...

8.2CVSS6.8AI score0.03692EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/03/21 12:7 p.m.3 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

7.5CVSS7.2AI score0.03958EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/25 1:55 p.m.2 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

7.5CVSS7.2AI score0.03958EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/16 4:38 p.m.1 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

7.5CVSS7.2AI score0.03958EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/06/08 7:0 a.m.4 views

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

...

7.5CVSS7.8AI score0.07293EPSS
Exploits0
OSV
OSV
added 2021/05/26 3:15 p.m.5 views

DEBIAN-CVE-2021-33194

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted ParseFragment input...

7.5CVSS7.5AI score0.07293EPSS
Exploits0References1
OSV
OSV
added 2021/01/04 7:15 p.m.12 views

CVE-2020-26293

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the tag, an attacker could craft HTML that includ...

6.1CVSS5.9AI score
Exploits0References4
Prion
Prion
added 2021/01/04 7:15 p.m.17 views

Design/Logic Flaw

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the tag, an attacker could craft HTML that includ...

4.3CVSS5.9AI score0.00997EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/01/04 6:20 p.m.26 views

CVE-2020-26293 Possible XSS bypass if style tag is allowed

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the tag, an attacker could craft HTML that includ...

6.1CVSS6AI score0.00997EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/08 10:5 a.m.4 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/02/07 12:0 a.m.4 views

The vulnerability in the implementation of Net::FTP commands in the Ruby programming language allows attackers to execute arbitrary commands.

The vulnerability of Net::FTP commands in the Ruby programming language is related to an input filtering error. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands when opening local files using Net::FTPget, Net::FTPgetbinaryfile, Net::FTPgettextfile, Net::FTPput,...

9.3CVSS7.5AI score0.73927EPSS
Exploits5References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:35 p.m.31 views

Critical severity vulnerability that affects recurly-api-client

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

9.8CVSS3.6AI score0.02594EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/10/16 5:35 p.m.29 views

GHSA-XPWP-RQ3X-X6V7 Critical severity vulnerability that affects recurly-api-client

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

9.8CVSS9.4AI score0.02594EPSS
Exploits0References5
Rows per page
Query Builder