2480 matches found
CVE-2021-37499
CRLF vulnerability in Reprise License Manager RLM web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers...
CVE-2021-37499
The CVE-2021-37499 entry describes a CRLF injection vulnerability in Reprise License Manager (RLM) web interface up to version 14.2BL4, located in the password parameter of the View License Result function. The underlying issue is unsanitized user input that allows remote attackers to inject arbi...
CVE-2022-45925
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name,...
Information disclosure
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name,...
CVE-2023-0040
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
K000130541: Grub2 vulnerability CVE-2022-28734
Security Advisory Description: Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write further when parsing the HTTP request, writing a NULL byte...
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2023-1058)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-22465 Http4s has fatal error parsing User-Agent and Server headers
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...
Node.js: CRLF Injection in Nodejs ‘undici’ via host
A CRLF injection vulnerability existed in the 'host' header of undici.request API, allowing an attacker to inject arbitrary HTTP headers and conduct various attacks. The vulnerability impacted undici library versions up to 5.14.0...
Cross-Site Request Forgery (CSRF)
nsupdate is vulnerable to cross-site request forgery. The vulnerability exists in CSRF_COOKIE_HTTPONLY cookie in base.py due to lack of proper security HTTP headers which allows an attacker to gain access to sensitive information in the system...
FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. Set HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR, HTTP_CF_CONNECTING_IP or HTTP_CLIENT_IP to spoof the IP address...
FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. PoC: Set HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR, HTTP_CF_CONNECTING_IP or HTTP_CLIENT_IP to spoof the IP address...
EulerOS Virtualization 2.10.1 : grub2 (EulerOS-SA-2022-2883)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to...
CVE-2021-4226
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented...
Design/Logic Flaw
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented...
CVE-2021-4226
The CVE-2021-4226 entry concerns the WordPress RSFirewall! plugin where the component attempts to determine the client’s original IP by inspecting multiple HTTP headers. The vulnerability is a bypass due to the implementation, allowing circumvention of IP-based controls (as described in multiple ...
CVE-2021-4226 RSFirewall < 1.1.25 - IP Block Bypass
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented...
SUSE SLES12 Security Update : tomcat (SUSE-SU-2022:4303-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4303-1 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP...
CVE-2022-34316
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...
CVE-2022-34316 IBM CICS TX information disclosure
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...