
3714 matches found

NVD
added 2023/11/09 11:15 p.m. · 18 views

CVE-2018-8863

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

7.5 CVSS · 0.00539 EPSS
Exploits: 0 · References: 1

Prion
added 2023/11/09 11:15 p.m. · 10 views

Hardcoded credentials

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

5 CVSS · 7 AI score · 0.00539 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/11/09 10:46 p.m. · 46 views

CVE-2018-8863

CVE-2018-8863 affects Philips EncoreAnywhere (APAC hosted web app); vulnerability arises from an HTTP header that exposes data enabling information disclosure. Affected product/version: EncoreAnywhere 2.36.3.3 or earlier. Impact: confidentiality impact (data exposure); CVSSv3 base score 5.9 (scor...

7.5 CVSS · 6.6 AI score · 0.00539 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cloud Foundry
added 2023/11/09 12:0 a.m. · 28 views

USN-6473-1: urllib3 vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 22.04. Description: It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. Thi...

8.1 CVSS · 7.1 AI score · 0.01207 EPSS
Exploits: 0 · Affected Software: 2

Positive Technologies
added 2023/11/09 12:0 a.m. · 3 views

PT-2023-11230 · Philips · Philips Encoreanywhere

Name of the Vulnerable Software and Affected Versions: Philips EncoreAnywhere, affected versions not specified. Description: The issue concerns the HTTP header in Philips EncoreAnywhere, which contains data that an attacker may be able to use to gain sensitive information. Recommendations: At the...

7.5 CVSS · 6.9 AI score · 0.00539 EPSS
Exploits: 0 · References: 4

OSV
added 2023/11/08 9:30 p.m. · 41 views

GHSA-WF5P-G6VW-RHXX Axios Cross-Site Request Forgery Vulnerability

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 6.8 AI score · 0.00556 EPSS
Exploits: 1 · References: 12

Github Security Blog
added 2023/11/08 9:30 p.m. · 326 views

Axios Cross-Site Request Forgery Vulnerability

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 6.7 AI score · 0.00556 EPSS
Exploits: 1 · References: 12 · Affected Software: 1

OSV
added 2023/11/08 9:15 p.m. · 1 view

DEBIAN-CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 7 AI score · 0.00556 EPSS
Exploits: 1 · References: 1

OSV
added 2023/11/08 9:15 p.m. · 32 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 6.3 AI score
Exploits: 0 · References: 2

NVD
added 2023/11/08 9:15 p.m. · 16 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 0.00556 EPSS
Exploits: 1 · References: 2

UbuntuCve
added 2023/11/08 9:15 p.m. · 132 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 6.9 AI score · 0.00556 EPSS
Exploits: 1 · References: 1

Prion
added 2023/11/08 9:15 p.m. · 21 views

Design/Logic Flaw

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

4.3 CVSS · 6.5 AI score · 0.00556 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/08 12:0 a.m. · 20 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 AI score · 0.00556 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2023/11/08 12:0 a.m. · 25 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.8 AI score · 0.00556 EPSS
Exploits: 1 · References: 2

CVE
added 2023/11/08 12:0 a.m. · 522 views

CVE-2023-45857

CVE-2023-45857 - Axios XSRF token exposure : The issue in Axios 1.5.1 causes the confidential XSRF-TOKEN stored in cookies to be included in the HTTP header X-XSRF-TOKEN for every request, potentially allowing an attacker to view sensitive information. The public metrics indicate a CVSS v3.1 base...

6.5 CVSS · 6.1 AI score · 0.00556 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Debian CVE
added 2023/11/08 12:0 a.m. · 25 views

CVE-2023-45857

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5 CVSS · 7.1 AI score · 0.00556 EPSS
Exploits: 1

RedHat Linux
added 2023/11/07 8:33 a.m. · 4 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5 CVSS · 6.7 AI score · 0.01888 EPSS
Exploits: 0 · References: 6

Tenable Nessus
added 2023/11/07 12:0 a.m. · 39 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : urllib3 vulnerabilities (USN-6473-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6473-1 advisory. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A...

8.1 CVSS · 7.3 AI score · 0.01207 EPSS
Exploits: 0 · References: 4

IBM Security Bulletins
added 2023/11/03 2:26 p.m. · 57 views

Security Bulletin: Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak

Summary: Golang Go is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2023-29406, CVE-2023-29409. libp2p go-libp2p is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2023-39533. Vulnerability Details: CVEID: CVE-2023-29406 DESCRIPTIO...

7.5 CVSS · 7.3 AI score · 0.01328 EPSS
Exploits: 1 · Affected Software: 1

Positive Technologies
added 2023/11/03 12:0 a.m. · 4 views

PT-2023-30555 · Zoho · Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9.1.0. Description: A CRLF injection vulnerability has been found in ManageEngine Desktop Central. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response...

6.1 CVSS · 6.4 AI score · 0.0287 EPSS
Exploits: 0 · References: 5