
25 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-1729

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00246
Exploits: 0, References: 4

RedhatCVE
added 2025/05/22 10:56 p.m., 7 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

CVSS 7.5, AI score 7.1, EPSS 0.00246
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2016-6816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line...

CVSS 7.1, AI score 7, EPSS 0.0326
Exploits: 5, References: 3

Mozilla
added 2024/02/20 12:0 a.m., 73 views

Security Vulnerabilities fixed in Thunderbird 115.8 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

CVSS 7.5, AI score 8.1, EPSS 0.0073
Exploits: 1, References: 8, Affected Software: 1

Tenable Nessus
added 2024/02/20 12:0 a.m., 26 views

Mozilla Thunderbird < 115.8

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-07 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined...

CVSS 8.1, AI score 7.5, EPSS 0.0073
Exploits: 1, References: 9

Vulnrichment
added 2024/01/10 1:4 p.m., 2 views

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...

CVSS 5.3, AI score 7.1, EPSS 0.0032
Exploits: 0, References: 1

Github Security Blog
added 2023/06/07 4:1 p.m., 19 views

SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...

CVSS 7.5, AI score 7.1, EPSS 0.00246
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/06/07 4:1 p.m., 12 views

GHSA-7FJ7-39WJ-C64F SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...

CVSS 5.3, AI score 7.5, EPSS 0.00246
Exploits: 0, References: 4

OSV
added 2022/09/28 8:15 p.m., 23 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 1

Vulnrichment
added 2022/09/28 7:32 p.m., 10 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

AI score 7.6, EPSS 0.00246
Exploits: 0, References: 1

CVE
added 2022/09/28 7:32 p.m., 68 views

CVE-2022-3215

CVE-2022-3215 affects NIOHTTP1 and projects using it (e.g., SwiftNIO) where user input reflected into HTTP response headers can enable a HTTP Response Injection via CRLF sequences. The root cause is improper handling of input in HTTP headers, allowing newlines to be injected into responses, poten...

CVSS 7.5, AI score 7.5, EPSS 0.00246
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/09/28 7:32 p.m., 21 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

AI score 7.8, EPSS 0.00246
Exploits: 0, References: 1

Positive Technologies
added 2022/09/28 12:0 a.m., 1 view

PT-2022-21119 · Apple · Swiftnio

Name of the Vulnerable Software and Affected Versions: NIOHTTP1 affected versions not specified SwiftNIO affected versions not specified Description: The issue occurs when a HTTP/1.1 server accepts user-generated input from an incoming request and reflects it into a HTTP/1.1 response header. A...

CVSS 7.5, AI score 7.5, EPSS 0.00246
Exploits: 0, References: 8

Veracode
added 2020/03/02 1:51 a.m., 30 views

CRLF Injection

puma is vulnerable to CRLF injection. The values in the HTTP response headers are not sanitized and validated, allowing an attacker to perform HTTP response splitting by adding carriage feed or line return characters to inject arbitrary content in the HTTP response from the server. This vulnerability is...

CVSS 7.5, AI score 3, EPSS 0.02094
Exploits: 0, References: 12, Affected Software: 1

NVD
added 2018/01/10 3:29 p.m., 23 views

CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

CVSS 6.1, AI score 5.7, EPSS 0.01128
Exploits: 0, References: 11

OSV
added 2017/09/25 5:29 p.m., 18 views

PYSEC-2017-54

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses...

CVSS 7.5, AI score 4.3, EPSS 0.00431
Exploits: 0, References: 4

RedHat Linux
added 2017/02/02 8:33 p.m., 84 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 7.8, AI score 6.6, EPSS 0.0326
Exploits: 5, References: 8

exploitpack
added 2016/09/15 12:0 a.m., 27 views

Cisco EPC 3925 - Multiple Vulnerabilities

Cisco EPC 3925 - Multiple Vulnerabilities Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection via 'Lang'...

AI score 0.8
Exploits: 0

Packet Storm
added 2016/09/15 12:0 a.m., 33 views

Cisco EPC 3925 XSS / CSRF / HTTP Response Injection / DoS

Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection via 'Lang' Cookie 2. DoS via 'Lang' Cookie 3. DoS in...

AI score 0.5
Exploits: 0

Exploit DB
added 2016/09/15 12:0 a.m., 54 views

Cisco EPC 3925 - Multiple Vulnerabilities

Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection via 'Lang' Cookie 2. DoS via 'Lang' Cookie 3. DoS in...

AI score 7.4
Exploits: 0