CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

USN-7190-1 tinyproxy vulnerability

It was discovered that Tinyproxy did not properly manage memory during the parsing of HTTP connection headers. An attacker could use this issue to cause a DoS or possibly execute arbitrary code...

GHSA-GGWQ-XC72-33R3 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...

LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

NETGEAR R6900P/R7000P Buffer Overflow Vulnerability

The NETGEAR R6900P and R7000P are wireless routers from NETGEAR that provide high-speed Internet connectivity and network management capabilities. The NETGEAR R6900P and R7000P suffer from a buffer overflow vulnerability that stems from the sub16C4C function in the HTTP Header Handler component...

CVE-2024-12988

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-12988

Netgear R6900P/R7000P (1.3.3.154) are affected by CVE-2024-12988 in the HTTP Header Handler, sub_16C4C. The Host parameter is mishandled, causing a buffer overflow that can be exploited remotely; public exploit exists. These devices are no longer supported by the maintainer. Remediation/public pa...

CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-51464 IBM i authentication bypass

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

CVE-2024-51464

IBM i versions 7.3, 7.4, and 7.5 are affected by CVE-2024-51464, a vulnerability that allows bypassing Navigator for i interface restrictions. An authenticated attacker can send a specially crafted request to remotely perform actions the user is not allowed to perform through Navigator for i. The...

CVE-2024-51464 IBM i authentication bypass

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

BIT-NODE-MIN-2023-23936 CRLF Injection in Nodejs ‘undici’ via host

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

Oracle Linux 8 : pcs (ELSA-2024-10987)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10987 advisory. 0.10.18-2.0.1.el810.3 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.3 - Prevented any future HTTP header-based attacks on puma/sinatra by removing...

pcs security update

0.10.18-2.0.1.el810.3 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.3 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd Resolves: RHEL-65595...

Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2024-769)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-769 advisory. It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this...