133 matches found
SUSE CVE-2006-0051
Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the httppeek function...
SUSE CVE-2006-1989
Buffer overflow in the getdatabase function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers...
SUSE CVE-2010-1197
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting XSS...
SUSE CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
SUSE CVE-2013-4961
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...
SUSE CVE-2015-7519
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...
SUSE CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
PT-2022-22125 · Ibm · Ibm Cics Tx
Name of the Vulnerable Software and Affected Versions: IBM CICS TX version 11.1 Description: The issue concerns the failure to properly neutralize web scripting syntax in HTTP headers, which can be processed by web browser components. Recommendations: For IBM CICS TX version 11.1, update to a...
IBM CICS TX 安全漏洞
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. A security vulnerability exists in IBM CICS TX version 11.1 that stems from not or incorrectly escaping Web script syntax in HTTP headers that can be used by Web browser components that ca...
The vulnerability in the implementation of the sprintf() function in the microprogramming software for DIR-890L A1 allows a hacker to execute arbitrary code.
The vulnerability of the sprintf function implementation in the microprogramming-based router software DIR-890L A1 is related to incorrect checking of string lengths in HTTP headers. Exploiting this vulnerability could allow an attacker to execute arbitrary code by connecting through port 49152...
grub2 缓冲区错误漏洞
grub2 is a Linux system boot program from the US GNU community. A buffer error vulnerability exists in grub2 that stems from an out-of-bounds write when handling split HTTP headers...
DEBIAN-CVE-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
Nacos 安全漏洞
nacos is a dynamic service discovery, configuration and service management platform for Alibaba in China. The software supports both DNS-based and RPC-based service discovery, and can provide features such as delivering real-time health checks and blocking services from sending requests to...
PT-2021-12976 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 18.1R3-S11 Juniper Networks Junos OS versions prior to 18.2R3-S5 Juniper Networks Junos OS versions prior to 18.3R2-S4, 18.3R3-S3 Juniper Networks Junos OS versions prior to 18.4R2-S5, 18.4R3-S3...
CVE-2021-28994
kopano-ical formerly zarafa-ical in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers...
Kopano Groupware Core 资源管理错误漏洞
Kopano Groupware Core is an application from the Dutch company Kopano. Provides Groupware features for Kopano stacks and in most cases they are the core of every Kopano environment. A denial of service vulnerability exists in Kopano Groupware Core, which can be exploited by an attacker to exhaust...
CVE-2020-4815
IBM Cloud Pak for Security CP4S 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system...
CVE-2020-4896
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...
Armeria Injection Vulnerability
Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. Armeria suffers from an injection vulnerability. The vulnerability stems from a lack of proper validation of user input data by a network system or product during the course of ...
USN-4201-1 ruby2.3, ruby2.5 vulnerabilities
It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. CVE-2019-15845 It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to...