56 matches found
EUVD-2005-0646
Malware in sbrugna...
EUVD-2020-26075
Malware in sbrugna...
EUVD-2020-26143
Malware in sbrugna...
EUVD-2000-0895
Malware in sbrugna...
EUVD-2006-0059
Malware in sbrugna...
EUVD-2021-8254
Malicious code in bioql PyPI...
EUVD-2022-1215
Malicious code in bioql PyPI...
CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
Host Header Injection
leantime/leantime is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the host header due to the system allowing attackers to manipulate HTTP request headers, leading to unauthorized access to user details...
Regular Expression Denial Of Service (ReDoS)
@octokit/request-error is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
CVE-2024-51504
CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
URL Rewrite
zendframework/zendframework is vulnerable to URL Rewrite. The vulnerability is due to the request URI marshaling logic that introspects HTTP request headers specific to server-side URL rewrite mechanisms. When these headers are present on systems not running the specific URL rewriting mechanism,...
Zend-Feed URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
RHEL 5 : others (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter CVE-2014-0227 - Apache Tomcat...
CVE-2023-40518
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...
GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...