3713 matches found
CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server
Summary: IBM WebSphere Application Server is shipped with IBM Security Directory Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-34165)
Summary: IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2022-34165 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to HTTP header injection (CVE-2022-34165)
Summary: Liberty for Java for IBM Cloud is vulnerable to HTTP header injection when processing web requests. This has been addressed. Vulnerability Details: CVEID: CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0....
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-34165)
Summary: IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...
netty: control chars in header names may lead to HTTP request smuggling
A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...
CVE-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2345)
The remote host is missing an update for the Huawei EulerOS...
OESA-2022-1930 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: Vulnerabilities identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2022-34165 and CVE-2022-34336)
Summary: IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins. Vulnerability Details: Refer to the security bulleti...
Security Bulletin: WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to HTTP header injection (CVE-2022-34165)
Summary: IBM Security Access Manager for Enterprise Single Sign-On includes IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to HTTP header injection (CVE-2022-34165). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affecte...
CVE-2022-2877
CVE-2022-2877 affects the WordPress Titan Anti-spam & Security plugin prior to 7.3.1. The root cause is improper validation of HTTP headers used to verify the origin IP, allowing an attacker to bypass the plugin’s block feature by spoofing headers (e.g., X-Forwarded-For). The CVSSv3.1 vector is N...
Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting
Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b...
GHSA-XV7R-9VQ4-9WRQ Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting
Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b...
CVE-2022-37724
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...
Design/Logic Flaw
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...
CVE-2022-37724
The CVE-2022-37724 issue affects Project Wonder WebObjects, with vulnerable components in WebObjects adapters exposing Arbitrary HTTP Header injection and URL- or Header-based XSS reflection. Public records reference affected versions as 1.0 through 5.4.3 (and related advisories extend to 7.3 in ...