3713 matches found
CVE-2021-23860
An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...
Cross site scripting
An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...
CVE-2021-23860
CVE-2021-23860 describes a reflected XSS in Bosch VRM/web interfaces due to an error in a page handler that allows an attacker to modify the HTTP header to exploit the vulnerability. The issue also affects DIVAR IP and BVMS with VRM installed. Publicly available details identify the affected comp...
CVE-2021-23860 Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS
An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...
OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...
OrbiTeam BSCW Server XSS / LFI / User Enumeration
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in BSCW Server product: OrbiTeam BSCW Server vulnerable version: BSCW Server 5.0.x, 5.1.x, =5.2.4, =7.3.x, =7.4.3 fixed version: 5.2.5, 7.4.4 CVE...
TYPO3 HTTP header injection vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association.TYPO3 suffers from an HTTP header injection vulnerability that stems from the lack of valid validation for HTTP host headers and is vulnerable to host spoofing. No detailed...
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
LibreNMS addhost Command Injection (CVE-2018-20434)
A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...
Ambiguous OCI manifest parsing
Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type...
SUSE-SU-2021:3672-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients bsc1188278. - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet...
GitHub Security Lab: [Python]: CWE-079: HTTP Header injection
This bug was reported directly to GitHub Security Lab...
GHSA-6MCM-J9CJ-3VC3 Infinite loop in Apache MINA
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
Infinite loop in Apache MINA
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
USN-5128-1: Ceph vulnerabilities
Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. CVE-2020-27781 It was discovered that Ceph...
DEBIAN-CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
UBUNTU-CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
CVE-2021-41973
CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...