
2482 matches found

RedHat Linux
added 2022/02/09 1:54 p.m. · 37 views

Important: Red Hat Security Advisory: .NET 6.0 on RHEL 7 security and bugfix update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5 CVSS · 7.4 AI score · 0.017 EPSS
Exploits: 0 · References: 2
RedHat Linux
added 2022/02/09 1:54 p.m. · 3 views

dotnet: ASP.NET Core Kestrel HTTP headers pooling denial of service

A vulnerability was found in dotnet’s ASP.NET Core Kestrel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service...

7.5 CVSS · 5.7 AI score · 0.017 EPSS
Exploits: 0 · References: 6
RedHat Linux
added 2022/02/09 8:54 a.m. · 0 views

dotnet: ASP.NET Core Kestrel HTTP headers pooling denial of service

A vulnerability was found in dotnet’s ASP.NET Core Kestrel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service...

7.5 CVSS · 5.7 AI score · 0.017 EPSS
Exploits: 0 · References: 6
OSV
added 2022/02/09 8:26 a.m. · 23 views

RLSA-2022:0496 Important: .NET 6.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2...

7.5 CVSS · 7.3 AI score · 0.017 EPSS
Exploits: 0 · References: 2
AlmaLinux
added 2022/02/09 8:26 a.m. · 42 views

Important: .NET 5.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14...

0.6 AI score
Exploits: 0 · References: 1
Rockylinux
added 2022/02/09 8:26 a.m. · 28 views

.NET 5.0 security and bugfix update

An update is available for dotnet5.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

7.5 CVSS · 7.4 AI score · 0.017 EPSS
Exploits: 0
OSV
added 2022/02/09 8:26 a.m. · 25 views

ALSA-2022:0495 Important: .NET 5.0 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14...

7.2 AI score
Exploits: 0 · References: 1
OSV
added 2022/02/09 12:56 a.m. · 28 views

GHSA-JH6M-3PQW-242H Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers

A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers via cURL we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in...

7.3 CVSS · 7.1 AI score · 0.00259 EPSS
Exploits: 0 · References: 6
Kitploit
added 2022/02/01 8:30 p.m. · 21 views

Ipsourcebypass - This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers

This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detecting most successful bypasses. Usage $ ./ipsourcebypass.py -h IP source bypass using HTTP headers, v1.1 usage:...

7.3 AI score
Exploits: 0 · References: 3
NVD
added 2022/01/28 8:15 p.m. · 12 views

CVE-2021-40339

Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...

7.5 CVSS · 0.00307 EPSS
Exploits: 0 · References: 1
OSV
added 2022/01/28 8:15 p.m. · 4 views

CVE-2021-40339

Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...

7.5 CVSS · 7.1 AI score · 0.00307 EPSS
Exploits: 0 · References: 1
Prion
added 2022/01/28 8:15 p.m. · 17 views

Design/Logic Flaw

Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...

5 CVSS · 7.4 AI score · 0.00307 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/01/28 7:09 p.m. · 16 views

CVE-2021-40339 OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product

Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...

3.7 CVSS · 7.6 AI score · 0.00307 EPSS
Exploits: 0 · References: 1
CVE
added 2022/01/28 7:09 p.m. · 62 views

CVE-2021-40339

Hitachi Energy LinkOne (WebView) is affected by CVE-2021-40339 due to a misconfiguration: the application lacks HTTP headers, enabling an attacker to retrieve sensitive information. Affected versions are LinkOne WebView 3.20, 3.22, 3.23, 3.24, 3.25, and 3.26. The CVE entry describes a configurati...

7.5 CVSS · 5.6 AI score · 0.00307 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OpenVAS
added 2022/01/28 12:00 a.m. · 6 views

Mageia: Security Advisory (MGASA-2018-0428)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 4
OSV
added 2022/01/24 8:15 p.m. · 2 views

CVE-2021-45226

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...

6.5 CVSS · 5.9 AI score
Exploits: 0 · References: 3
Prion
added 2022/01/24 8:15 p.m. · 15 views

Input validation

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...

4.3 CVSS · 6.5 AI score · 0.00305 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2022/01/24 7:57 p.m. · 54 views

CVE-2021-45226

CVE-2021-45226 affects COINS Construction Cloud 11.12. The root cause is improper validation of user-controlled HTTP headers, which can cause the system to send password-reset emails to arbitrary websites. This creates risk of phishing/credential misuse via misdirected password resets. The vulner...

6.5 CVSS · 6.5 AI score · 0.00305 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2022/01/24 7:57 p.m. · 11 views

CVE-2021-45226

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites...

6.7 AI score · 0.00305 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2022/01/24 12:00 a.m. · 4 views

PT-2022-12311 · Unknown · Coins Construction Cloud

Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: An issue was discovered due to improper validation of user-controlled HTTP headers, allowing attackers to cause the system to send password-reset e-mails pointing to arbitrary websites...

6.5 CVSS · 6.5 AI score · 0.00305 EPSS
Exploits: 1 · References: 6