Heap overflow

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipartparser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected...

CVE-2022-3409 Unauthenticated out of bounds stack write in bmcweb

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipartparser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected...

CVE-2022-2809

The CVE-2022-2809 issue affects OpenBMC’s bmcweb component (multipart_parser) where a specially crafted multipart HTTPS header can trigger a buffer overflow on the heap when an unclosed header lacks a colon. IBM’s advisory confirms OPENBMC as the affected product and lists vulnerable firmware pat...

CVE-2022-3409 Unauthenticated out of bounds stack write in bmcweb

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipartparser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected...

Fixed in Apache Tomcat 8.5.83

Low: Apache Tomcat request smuggling CVE-2022-42252 If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default, Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was...

Fixed in Apache Tomcat 10.0.27

Low: Apache Tomcat request smuggling CVE-2022-42252 If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false not the default, Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat wa...

EulerOS Virtualization 3.0.6.6 : grub2 (EulerOS-SA-2022-2504)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to...

Fixed in Apache Tomcat 9.0.68

Low: Apache Tomcat request smuggling CVE-2022-42252 If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false not the default, Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat wa...

CVE-2022-3215

CVE-2022-3215 affects NIOHTTP1 and projects using it (e.g., SwiftNIO) where user input reflected into HTTP response headers can enable a HTTP Response Injection via CRLF sequences. The root cause is improper handling of input in HTTP headers, allowing newlines to be injected into responses, poten...

WordPress Titan Anti-spam & Security Plugin < 7.3.1 Block Bypass Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2022-1613

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations...

WordPress plugin Restricted Site Access 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2381)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-2877

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

Design/Logic Flaw

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2318)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server cou...

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.4

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server Full Profile and Liberty Profile 8.5.5.4, IBM WebSphere Application Server Hypervisor 8.5.5.4 and IBM HTTP Server 8.5.5.4. Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM...

Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations. PoC Set HTTPCFCONNECTINGIP or any of the other headers in getclientipaddress to spoof the IP address...

Ubuntu: Security Advisory (USN-3464-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...