97 matches found

Cvelist
added 2021/06/30 2:41 p.m. | 32 views

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows th...

CVSS 9.8 | AI score 9.5 | EPSS 0.03064
Exploits: 2 | References: 2

OSV
added 2021/04/21 7:15 p.m. | 13 views

CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

CVSS 5.4 | AI score 7.1
Exploits: 0 | References: 1

NVD
added 2021/04/21 7:15 p.m. | 7 views

CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

CVSS 5.7 | EPSS 0.0051
Exploits: 0 | References: 1

Prion
added 2021/04/21 7:15 p.m. | 13 views

Authorization

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

CVSS 4.9 | AI score 5.6 | EPSS 0.0051
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/04/21 6:50 p.m. | 50 views

CVE-2021-29456

CVE-2021-29456 affects Authelia (open‑source authentication/SSO server). In versions ≤ 4.27.4, an HTTP query parameter permits open redirects to any external domain, enabling potential phishing by spoofing the initial URL. The vulnerability’s impact is limited to redirect behavior, not direct app...

CVSS 5.7 | AI score 5.5 | EPSS 0.0051
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/21 6:50 p.m. | 14 views

CVE-2021-29456 Authelia allows open redirects on the logout endpoint

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

CVSS 5.7 | AI score 5.9 | EPSS 0.0051
Exploits: 0 | References: 1

NVD
added 2021/04/02 8:15 p.m. | 9 views

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

CVSS 6.5 | EPSS 0.00674
Exploits: 0 | References: 1

Prion
added 2021/04/02 8:15 p.m. | 374 views

Design/Logic Flaw

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

CVSS 6.4 | AI score 6.6 | EPSS 0.00674
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/02 7:36 p.m. | 11 views

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

AI score 6.8 | EPSS 0.00674
Exploits: 0 | References: 1

Talos
added 2021/01/26 12:0 a.m. | 125 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...

CVSS 8.6 | AI score 7.6 | EPSS 0.01881
Exploits: 1

Tenable Nessus
added 2019/04/05 12:0 a.m. | 23 views

Debian DSA-4424-1 : pdns - security update

Adam Dobrawy, Frederico Silva and Gregory Brzeski from HyperOne.com discovered that pdns, an authoritative DNS server, did not properly validate user-supplied data when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend. This would allow a remote user to cause...

CVSS 8.8 | AI score 7.2 | EPSS 0.1286
Exploits: 1 | References: 5

Mageia
added 2014/02/16 1:9 p.m. | 34 views

Updated cxxtools package fixes security issue

A flaw in cxxtools version 2.2 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters (CVE-2013-7298). This update fixes the vulnerability...

CVSS 5 | AI score 5.1 | EPSS 0.01831
Exploits: 0 | References: 1

OSV
added 2014/01/26 8:55 p.m. | 0 views

DEBIAN-CVE-2013-7298

queryparams.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters...

CVSS 5 | AI score 6.8 | EPSS 0.01831
Exploits: 0 | References: 1

OSV
added 2014/01/26 8:55 p.m. | 0 views

UBUNTU-CVE-2013-7298

queryparams.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters...

CVSS 5 | AI score 5.8 | EPSS 0.01831
Exploits: 0 | References: 2

CVE
added 2014/01/26 8:0 p.m. | 38 views

CVE-2013-7298

CVE-2013-7298 affects cxxtools up to version 2.2.0 (before 2.2.1). A DoS exists where an HTTP query containing %% (double percent) can trigger infinite recursion and crash. The issue is fixed in cxxtools 2.2.1 (as reflected in Mageia/Fedora advisories and OSV entries). Remediation: upgrade to 2.2...

CVSS 5 | AI score 6.6 | EPSS 0.01831
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2014/01/26 8:0 p.m. | 22 views

CVE-2013-7298

queryparams.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters...

AI score 6.4 | EPSS 0.01831
Exploits: 0 | References: 7

Debian CVE
added 2014/01/26 8:0 p.m. | 13 views

CVE-2013-7298

queryparams.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters...

CVSS 5 | AI score 6.4 | EPSS 0.01831
Exploits: 0

NVD
added 2013/08/12 10:58 a.m. | 17 views

CVE-2013-3455

Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732...

CVSS 5 | AI score 6.2 | EPSS 0.02067
Exploits: 0 | References: 3

Prion
added 2013/08/12 10:58 a.m. | 14 views

Code injection

Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732...

CVSS 5 | AI score 6.7 | EPSS 0.02067
Exploits: 0 | References: 3

Cvelist
added 2013/08/12 10:0 a.m. | 18 views

CVE-2013-3455

Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732...

AI score 6.2 | EPSS 0.02067
Exploits: 0 | References: 3