34 matches found
OESA-2024-2198 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...
SUSE CVE-2024-45614
Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...
CVE-2023-30861 Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle
Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...
CVE-2021-38713
imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header...
UBUNTU-CVE-2021-33197
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...
cpio security update
2.11-28 - Improper input validation when writing tar header fields 1766222...
Juniper Networks Junos OS J-Web Clickjacking Vulnerability
Junos OS is prone to Clickjacking vulnerability on J-Web. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...
Moderate: Red Hat Security Advisory: httpd security and bug fix update
Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...
McAfee Web Gateway 7.1.5.x - 'Host' HTTP Header Security Bypass
source: https://www.securityfocus.com/bid/53015/info McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. McAfee Web...
Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context ...
CVE-2008-7014
fhttpd 0.4.2 allows remote attackers to cause a denial of service crash via an Authorization HTTP header with an invalid character after the Basic value...
McAfee GroupShield for Exchange X-Header Security Bypass Vulnerability
This host is installed McAfee GroupShield for Microsoft Exchange and is prone to X-Header Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: gbmcafeegroupshieldexchangesecbypassvuln.nasl 8197 2017-12-20 12:50:38Z cfischer $ McAfee GroupShield for Exchange X-Header Security Bypass...
Cobalt RaQ 2.03.0 qpopper 2.522.53 - EUIDL Format String Input
Cobalt RaQ 2.03.0 qpopper 2.522.53 - EUIDL Format String Input // source: https://www.securityfocus.com/bid/1242/info A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatti...