2483 matches found
Cross-Site Scripting (XSS)
ceph is vulnerable to cross-site scripting. The vulnerability exists due to a flaw found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the...
GO-2022-0706 Information disclosure in go.elastic.co/apm
Sensitive HTTP headers may not be properly sanitized before being sent to the APM server if the program panics...
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...
Cisco Adaptive Security Appliance Software WebVPN CRLF Injection (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn)
According to its self-reported version, the Clientless SSL VPN WebVPN of Cisco Adaptive Security Appliance ASA Software is affected by a CRLF injection vulnerability due to improper input sanitization. An unauthenticated, remote attacker can exploit this by persuading a user of the interface to...
Cisco Firepower Threat Defense Software WebVPN CRLF Injection (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn)
According to its self-reported version, the Clientless SSL VPN WebVPN of Cisco Firepower Threat Defense FTD Software is affected by a CRLF injection vulnerability due to improper input sanitization. An unauthenticated, remote attacker can exploit this by persuading a user of the interface to cli...
Stack Overflow
net/http of github.com/golang/go is vulnerable to stack overflow. The vulnerability exists due to ReadRequest recursion if it has very large headers...
CVE-2021-22679
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK...
Integer overflow
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK...
Input validation
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A...
PT-2021-2970 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts due to the improper handling of HTTP header...
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when makin...
CVE-2021-0268 Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.
An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' weakness in J-Web of Juniper Networks Junos OS leads to buffer overflows, segmentation faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the...
CVE-2021-0268
CVE-2021-0268 concerns Juniper Networks Junos OS J-Web, due to an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting). The weakness can cause buffer overflows or segment faults and, per sources, may enable cross-site scripting (XSS) and cookie manipulation, with th...
openSUSE: Security Advisory for flatpak, (openSUSE-SU-2021:0520-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GO-2021-0091
Due to improper input validation when uploading a file, a malicious user may force the server to return arbitrary HTTP headers when the uploaded file is downloaded...
Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (important)
openSUSE Security Update: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk Announcement ID: openSUSE-SU-2021:0520-1 Rating: important References: 1133120 1133124 1175899 1180996 Cross-References: CVE-2021-21261 CVSS scores: CVE-2021-21261 NVD : 8.8...
openSUSE Security Update : flatpak / libostree / xdg-desktop-portal / etc (openSUSE-2021-520)
This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...