3715 matches found
CVE-2023-47143
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...
Cross site scripting
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...
CVE-2023-47143 IBM Tivoli Application Dependency Discovery Manager HOST header injection
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...
CVE-2023-47143 IBM Tivoli Application Dependency Discovery Manager HOST header injection
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...
PT-2024-13413 · Ibm · Ibm Tivoli Application Dependency Discovery Manager
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.10 Description: The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a local authenticated attacker to...
RHEL 8 : nodejs:16 (RHSA-2023:1582)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1582 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 8 : nodejs:18 (RHSA-2023:1583)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1583 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Security Bulletin: Open redirect in parameter might affect IBM Storage Defender – Data Protect.
Summary IBM Storage Defender – Data Protect is vulnerable and that can result in phishing and social engineering exposure. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-50963 DESCRIPTION: IBM Storage Defender - Data Protect is vulnerable to HTTP header injection,...
CVE-2024-23644 trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
squid: DoS against HTTP and HTTPS
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...
Oracle WebLogic Server vulnerable to HTTP header injection
Overview Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Professional Service Department of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
JVN#93541851: Oracle WebLogic Server vulnerable to HTTP header injection
Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Impact This vulnerability could be exploited by a remote attacker to conduct a cross-site scripting attack, etc., and as a result, the displayed page may be altered or an arbitrary script may be...
RHCOS 4 : OpenShift Container Platform 4.10.56 (RHSA-2023:1655)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1655 advisory. - kube-apiserver: Aggregated API server can cause clients to be redirected SSRF CVE-2022-3172 - spring-security-oauth2-client:...
[SECURITY] [DLA 3716-1] ruby-httparty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3716-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 23, 2024 https://wiki.debian.org/LTS -...
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities.
Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to multiple vulnerabilities. Vulnerability Details CVEID:CVE-2023-47143 DESCRIPTION: IBM Tivoli Application Dependency Discovery Manager is vulnerable to HTTP header injection, caused by improper...
SUSE-SU-2024:0168-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: Updated to version 3.8.6: - CVE-2023-49082: Fixed an HTTP header injection via a crafted method bsc1217682...
CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
Cross site scripting
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-50963 IBM Storage Defender HTTP HOST header injection
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...