13 matches found
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
Denial Of Service (DoS)
@hapi/hapi is vulnerable to denial of service. The CORS request handler causes the function to throw a system error if the header contains certain invalid values...
Denial of Service in @commercial/hapi
Affected versions of @commercial/hapi are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will exit,...
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
Denial Of Service (DoS)
@commercial/hapi is vulnerable to denial of service (DoS). A header containing invalid values causes a system error and application crash due to improper handling by the CORS request handler...
Denial of Service
Versions of @hapi/hapi prior to 18.4.1 or 19.1.1 are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the...
Roblox: Subdomain Takeover to Authentication bypass
Vulnerability Type: Subdomain Takeover. Description: Due to an unclaimed or expired Hubspot instance, an attacker is able to claim and serve content from devrel.roblox.com and perform different kinds of attacks, which I shared in the impact section. Affected Area: ...
Mozilla Thunderbird < 38.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities: - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, vi...
Mozilla Thunderbird < 38.4 Multiple Vulnerabilities
The version of Thunderbird installed on the remote Windows host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities: - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via...
Firefox < 42 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is prior to 42. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via ...
Firefox < 42 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 42. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via...
CORS requests should not follow 30x redirections after preflight — Mozilla
Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after...
SuSE Update for opera openSUSE-SU-2012:1481-1 (opera)
Check for the Version of opera. OpenVAS Vulnerability Test. $Id: gbsuse201214811.nasl 8253 2017-12-28 06:29:51Z teissa $. SuSE Update for opera openSUSE-SU-2012:1481-1 (opera). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is...