Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2022-1525)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-25751

A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...

CVE-2022-25751

CVE-2022-25751 affects Siemens SCALANCE X-300/XR324/X408-2/X320 etc. devices; root cause is improper validation of HTTP headers in the embedded web server, enabling an unauthenticated remote attacker to crash affected devices. Affected families include X-302/X-304/X-306/X-307/X-308/X-310/X-320/XR...

Inconsistent Interpretation of HTTP Requests in twisted.web

The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230: 1. The Content-Length header value could have a + or - prefix. 2. Illegal characters were permitted in chunked extensions, such as the LF \n...

GHSA-C2JG-HW38-JRQQ Inconsistent Interpretation of HTTP Requests in twisted.web

The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230: 1. The Content-Length header value could have a + or - prefix. 2. Illegal characters were permitted in chunked extensions, such as the LF \n...

CVE-2022-26616

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting XSS attacks via crafted HTTP headers...

Cross site scripting

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting XSS attacks via crafted HTTP headers...

CVE-2022-26616

CVE-2022-26616 affects PKP Vendor Open Journal System versions 2.4.8 through 3.3.8. The vulnerability is a reflected cross-site scripting (XSS) flaw exploitable via crafted HTTP headers, allowing an attacker to inject script that is reflected in the user’s response. Connected sources (Red Hat, NV...

CVE-2022-26616

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting XSS attacks via crafted HTTP headers...

Inproper parsing of HTTP headers

Impact Improper header parsing. An attacker could sneak in a carriage return character \r and pass untrusted values in both the header names and values. Patches The issue is patched in 1.8.4 and 2.1.1. Workarounds There are no known workarounds. References...

Click Jacking

sylius/sylius is vulnerable to click-jacking attacks. An attacker can avoid login forms and load the malicious website within an iframe due to the missing HTTP headers...

WSVuls - Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues outdated server software and insecure HTTP headers. What's WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for those workers in IT who want to test vulnerabilities a...

Shopware Access Control Error Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have...

Shopware Information Disclosure Vulnerability (CNVD-2022-18524)

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware suffers from an information disclosure vulnerability that stems from not properly setting sensitive HTTP headers to be uncacheable. An attacker could exploit the vulnerability to cause the header to...

Information Disclosure

shopware/platform is vulnerable to information exposure. The vulnerability exists due to a lack of sanitization in HTTP headers in the CacheResponseSubscriber function in the CacheResponseSubscriber.php file, allowing to read sensitive information in the system via caches...

CVE-2022-24747

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...

Design/Logic Flaw

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...

CVE-2022-24747 HTTP caching is marking private HTTP headers as public

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...

CVE-2022-24747 HTTP caching is marking private HTTP headers as public

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...

Important: Red Hat Security Advisory: .NET 6.0 on RHEL 7 security and bugfix update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...