Lucene search
K

59 matches found

Github Security Blog
Github Security Blog
added 2025/05/29 4:50 p.m.49 views

Fabio allows HTTP clients to manipulate custom headers it adds

Summary Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should...

9.1CVSS7.4AI score0.00511EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/05/15 8:7 p.m.41 views

CVE-2024-8397

CVE-2024-8397 affects the WordPress plugin webtoffee-gdpr-cookie-consent (versions before 2.6.1). The root cause is improper sanitization/escaping of IP headers when logging, enabling a Stored XSS payload. The attack pattern is triggered when an admin visits the Consent report page, with the scri...

5.4CVSS5.9AI score0.00266EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/29 5:19 a.m.17 views

CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

6.3CVSS6.4AI score0.00547EPSS
Exploits1References5
Rockylinux
Rockylinux
added 2025/03/17 8:16 p.m.18 views

bpftrace security update

An update is available for bpftrace. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet...

2.8CVSS6.5AI score0.00184EPSS
Exploits0
OSV
OSV
added 2025/03/17 8:16 p.m.15 views

RLSA-2024:9188 Low: bpftrace security update

BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter eBPF available in recent Linux kernels 4.x. BPFtrace uses LLVM as a backend to compile scripts to BPF-bytecode and makes use of BCC for interacting with the Linux BPF system, as well as existing Linux tracing...

2.8CVSS6.5AI score0.00184EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/02/11 10:47 p.m.17 views

GeoNetwork search end-point information disclosure in response headers

Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...

5.3CVSS3.7AI score0.00366EPSS
Exploits0References7Affected Software1
Redos
Redos
added 2025/01/21 12:0 a.m.14 views

ROS-20250121-03

Vulnerability The contentsecuritypolicy function of the Ruby interpreter's Action Pack extension is related to a vulnerability in the dynamically set Content-Security-Policy CSP headers. Content-Security-Policy CSP dynamically set headers vulnerability. Exploitation The vulnerability could allow ...

2.3CVSS5.9AI score0.01009EPSS
Exploits0
Amazon
Amazon
added 2024/05/28 12:0 a.m.4 views

Low: bcc

Issue Overview: If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

2.8CVSS6.6AI score0.00218EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/04/19 12:0 a.m.5 views

The vulnerability of the Apache HTTP Server’s web server lies in its failure to properly handle CRLF sequences in HTTP headers. This allows attackers to perform attacks that involve splitting HTTP responses.

The vulnerability of the Apache HTTP Server is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to perform attacks that involve splitting HTTP responses...

5.4CVSS6.9AI score0.03914EPSS
Exploits0References12Affected Software13
Microsoft CVE
Microsoft CVE
added 2023/02/20 8:0 a.m.1 views

Undici vulnerable to Regular Expression Denial of Service in Headers

...

7.5CVSS7.1AI score0.01304EPSS
Exploits0
OSV
OSV
added 2021/07/11 12:3 p.m.6 views

OPENSUSE-SU-2021:1806-1 Security update for python-httplib2

This update for python-httplib2 fixes the following issues: - Update to version 0.19.0 bsc1182053. - CVE-2021-21240: Fixed regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body...

7.5CVSS7.1AI score0.03876EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/07/27 11:25 a.m.39 views

CVE-2020-7695 HTTP Response Splitting

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers...

5.3CVSS5.2AI score0.0131EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/05/17 12:0 a.m.7 views

PT-2020-10770 · Cherokee · Cherokee

Name of the Vulnerable Software and Affected Versions: Cherokee versions 1.2.104 and earlier Description: The issue allows remote attackers to trigger an out-of-bounds write in cherokee handler cgi add env pair in handler cgi.c by sending many request headers, as demonstrated by a GET request wit...

9.8CVSS9.3AI score0.02148EPSS
Exploits1References9
NVD
NVD
added 2020/01/23 3:15 a.m.22 views

CVE-2020-5216

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a newline could be injected leading to limited header injection. Upon seeing a...

5.8CVSS5.2AI score0.01079EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2019/08/28 6:32 p.m.2 views

ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...

7.5CVSS5.8AI score0.0461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/10/30 2:57 p.m.4 views

curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

9.1CVSS7.5AI score0.06003EPSS
Exploits0References5
CVE
CVE
added 2017/03/14 10:0 p.m.82 views

CVE-2016-8024

The CVE-2016-8024 entry affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The vulnerability is HTTP Response Splitting caused by improper neutralization of CRLF sequences in HTTP headers, enabling a remote unauthenticated attacker to influence server responses and potentiall...

8.1CVSS7.4AI score0.08673EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2017/03/02 6:59 a.m.2 views

DEBIAN-CVE-2017-6413

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP...

8.6CVSS7.2AI score0.04253EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.6 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-headers-2.6.8-3-32-smp operating system of the Debian GNU/Linux distribution can lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS5.4AI score0.05357EPSS
Exploits20References61Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the linux-headers-2.6.18-6-all-mips package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

7.8CVSS5.8AI score0.0368EPSS
Exploits7References17Affected Software1
Rows per page
Query Builder