130 matches found
CVE-2021-29719
CVE-2021-29719 affects IBM Cognos Analytics 11.1.7 and 11.2.0, stemming from a web response that specifies an incorrect content type. This could enable client‑side exploits. IBM’s advisories note official fixes in IBM Cognos Analytics 11.2.1 and 11.1.7 Fix Pack 4 (FP4); upgrade to 11.2.1 or apply...
CVE-2021-29719
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091...
PT-2021-18430 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.0 Description: The issue is related to client-side vulnerabilities due to a web response specifying an incorrect content type. Recommendations: For IBM Cognos Analytics versions 11.1.7 through...
CVE-2021-32067
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization...
Squid 输入验证错误漏洞
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid versions prior to 4.15 and versions 5.x through 5.0.6 that allows remote...
The vulnerability of the is_hdr_criteria_matches function in the BIG-IP Advanced Web Application Firewall (AWAF) virtual server allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the ishdrcriteriamatches function in the BIG-IP Advanced Web Application Firewall AWAF virtual server lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary cod...
CVE-2020-27539
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...
CVE-2020-4913
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
UBUNTU-CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to...
CVE-2020-3315
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP...
Unspecified Vulnerability in ABB eSOMS (CNVD-2020-19561)
ABB eSOMS is a plant operations management system from ABB Switzerland. ABB eSOMS contains a security vulnerability that originates from not setting a security flag in the HTTP response header, which can be exploited by an attacker to obtain cookie information...
ClipSoft REXPERT Information Disclosure Vulnerability
ClipSoft REXPERT is a report generation program from ClipSoft Korea. An information disclosure vulnerability exists in ClipSoft REXPERT. An attacker can exploit the vulnerability to disclose a user's name via the session file path of HTTP response data...
IBM Cloud Orchestrator HTTP Response Splitting Vulnerability (CNVD-2019-39202)
IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. An...
CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
CVE-2019-13383
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response...
The vulnerability of the php_stream_url_wrap_http_ex function in the PHP interpreter allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the phpstreamurlwraphttpex function located in ext/standard/httpfopenwrapper.c in the PHP interpreter arises due to an out-of-buffer operation on the stack. Exploitation of this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by usi...
CVE-2017-12308
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...
Circle with Disney Information Disclosure Vulnerability
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. An information disclosure vulnerability exists in the apid daemon in Circle with Disney version 2.0.1. The vulnerability can be exploite...
CVE-2015-1847
CVE-2015-1847 concerns a directory traversal in the Appserver web request/response interface. The vulnerability affects Appserver versions before 1.0.3, allowing remote attackers to read normally inaccessible files by inserting a “..” in a crafted URL. Multiple sources (NVD, OpenVAS entry, CNVD/P...