Node.js: Fetch API did not protect against CRLF injection in host headers
A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection...
Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Design/Logic Flaw
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
CVE-2023-27108
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
qdPM 9.1 Cross Site Scripting
Exploit Title: qdPM 9.x -bindtype - Cross-Site Scripting Exploit Author: Or4nG.M4n Date : 4/26/2023 Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 , 9.1 XSS Reflected . GET...
node-fetch: exposure of sensitive information to an unauthorized actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
Joomla! v4.2.8 - Unauthenticated information disclosure
!/usr/bin/env ruby Exploit Title: Joomla! v4.2.8 - Unauthenticated information disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2023-23752 Date: 2023-03-24 Vendor Homepage:...
nodejs:18 security, bug fix, and enhancement update
An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Nextcloud Server 25.x < 25.0.3 DoS Vulnerability (GHSA-9wmj-gp8v-477j)
Nextcloud Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SUSE CVE-2023-28644
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is...
CVE-2023-28644
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is...
CVE-2022-48357
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel...
Design/Logic Flaw
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel...
CVE-2022-48357
Technical details are not publicly available in the provided connected documents. Monitor for updates from official advisories and vendor bulletins for CVE-2022-48357.
PT-2023-15734 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned, so: Some products (affected versions not specified). Description: The issue concerns a double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS)...