CVE-2022-32453

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors...

Design/Logic Flaw

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors...

CVE-2022-32453

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors...

PT-2022-21328 · Cybozu · Cybozu Office

Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: The issue allows a remote attacker to obtain and/or alter the data of the product via unspecified vectors. This is due to an HTTP header injection vulnerability. Recommendations: For...

Softing Secure Integration Server 缓冲区错误漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A buffer error vulnerability exists in Softing Secure Integrati...

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

DEBIAN-CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

CVE-2022-34163

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333...

Cross site scripting

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333...

CVE-2022-34163

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333...

CVE-2022-34163

The CVE-2022-34163 issue affects IBM CICS TX Standard/Advanced 11.1. Root cause is improper validation of input in the HOST header, causing HTTP header injection that can enable cross-site scripting, cache poisoning, or session hijacking. IBM provides fixes for 11.1 (defect 127639) via interim up...

Design/Logic Flaw

A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session...

CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

Cross site scripting

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Host Header Injection (CVE-2021-39028)

Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. CVE-2021-39028. Vulnerability Details CVEID: CVE-2021-39028 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing is vulnerabl...

多款Schneider Electric产品缓冲区错误漏洞

The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...