CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
Ubuntu 18.04 LTS : Ceph vulnerabilities (USN-5128-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5128-1 advisory. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker cou...
CVE-2021-35237
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237
The CVE-2021-35237 entry describes a missing HTTP header (X-Frame-Options) in Kiwi Syslog Server, enabling clickjacking. Affected software: Kiwi Syslog Server; vulnerability is due to absence of the X-Frame-Options header in HTTP responses. Impact: potential user interaction manipulation via embe...
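The finding above is the absence of a control, so the practical question for a reviewer is how to tell, from a response, whether a page can be framed at all. The following is an added example, not code from Kiwi Syslog Server or its vendor: it parses a raw response head and classifies its anti-framing controls, treating a Content-Security-Policy frame-ancestors directive as taking precedence over X-Frame-Options (browsers that support frame-ancestors ignore X-Frame-Options when both are present) and treating the obsolete ALLOW-FROM form as no protection. The sample responses are constructed for illustration; nothing is fetched from a server.

```python
# Added example, not code from Kiwi Syslog Server or its vendor: the check a
# reviewer runs to decide whether a response can be framed, i.e. is exposed to
# the clickjacking reported for CVE-2021-35237. The sample responses below are
# constructed for illustration; nothing is fetched from a server.

def parse_response_head(raw: str):
    """Split a raw HTTP response head (status line, header lines, blank line)
    into a list of (name, value) pairs. A list rather than a dict so repeated
    headers, e.g. several Content-Security-Policy lines, are all kept."""
    pairs = []
    for line in raw.split("\r\n")[1:]:      # [0] is the status line
        if not line:
            break                           # blank line ends the head
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def _values(headers, name):
    """Case-insensitive lookup of every value for a header name."""
    return [v for n, v in headers if n.lower() == name.lower()]


# CSP source expressions that let any origin (or any origin of a scheme)
# embed the page: frame-ancestors is present but not protective.
PERMISSIVE_SOURCES = {"*", "http:", "https:"}


def framing_protection(headers):
    """Classify the anti-framing controls on a response.

    Returns 'csp'  when a Content-Security-Policy frame-ancestors directive
                   restricts who may frame the page,
            'xfo'  when X-Frame-Options is DENY or SAMEORIGIN and no
                   frame-ancestors directive is present,
            'none' when any origin may frame the page (clickjackable).

    frame-ancestors is checked first because browsers that support it ignore
    X-Frame-Options when both are present. The obsolete ALLOW-FROM form of
    X-Frame-Options is ignored by current browsers, so it counts as 'none'.
    """
    for policy in _values(headers, "Content-Security-Policy"):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                sources = {t.lower() for t in tokens[1:]}
                return "none" if sources & PERMISSIVE_SOURCES else "csp"
    for value in _values(headers, "X-Frame-Options"):
        if value.strip().upper() in ("DENY", "SAMEORIGIN"):
            return "xfo"
    return "none"


# Constructed responses: the first has the shape of the finding (an HTML page
# with no framing control at all); the other two show the two fixes.
RESPONSE_NO_CONTROL = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)
RESPONSE_XFO = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)
RESPONSE_CSP = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
)


def classify(raw: str) -> str:
    """Raw response head -> 'csp' | 'xfo' | 'none'."""
    return framing_protection(parse_response_head(raw))


if __name__ == "__main__":
    for label, raw in [("no control", RESPONSE_NO_CONTROL),
                       ("X-Frame-Options", RESPONSE_XFO),
                       ("CSP frame-ancestors", RESPONSE_CSP)]:
        print(f"{label:20s} -> {classify(raw)}")
```

When remediating, send both headers as in RESPONSE_CSP: frame-ancestors for current browsers and X-Frame-Options for older ones that only understand the latter; a policy of `frame-ancestors *` is classified as exposed even when X-Frame-Options: DENY is also present, because the CSP directive wins.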
NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Multiple Vulnerabilities (NS-SA-2021-0144)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by multiple vulnerabilities: - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacke...
CVE-2021-21743
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request...
CVE-2021-31349
CVE-2021-31349 affects Juniper Networks 128 Technology Session Smart Router. An authentication bypass flaw arises from the use of an internal HTTP header, enabling a remote attacker to bypass authentication and potentially view internal files, change settings, manipulate services, and execute arb...
Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities
Summary Operations Dashboard is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By...
Cybozu Remote Service HTTP Header Injection Vulnerability
Cybozu Remote Service is remote service management software used to access Cybozu's internal systems, developed by Cybozu Japan. Cybozu Remote Service is vulnerable to HTTP header injection. A remote attacker can use this vulnerability to alter information stored in the product...
CVE-2021-20802
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product...
CVE-2021-20802
CVE-2021-20802 affects Cybozu Remote Service versions 3.1.8–3.1.9 and is an HTTP header injection vulnerability (CWE-113) that can let a remote attacker alter information stored in the product. The issue is documented across multiple sources (NVD, JVN, Red Hat, CNVD, etc.). The confirmed im...
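Both the ZTE MF971R entry (CVE-2021-21743) and the Cybozu Remote Service entry (CVE-2021-20802) above are the same weakness class, CWE-113: a CR/LF in attacker-controlled input is copied into a response header and ends the header line early. The following is an added example, not code from ZTE or Cybozu, showing the mechanism and the input check that closes it. The redirect handler, the Location header as the sink and the payload are assumptions chosen for illustration; the advisories do not say which header either product writes the input into.

```python
# Added example, not code from ZTE or Cybozu: how a CR/LF in attacker input
# becomes HTTP response header injection (CWE-113), and the check a handler
# must apply before copying input into a header. The redirect handler and the
# injected cookie are constructed for illustration; no network is involved.

def build_redirect_vulnerable(target: str) -> bytes:
    """Copies a caller-supplied 'target' straight into the Location header.
    This is the bug: the value is never checked for CR or LF."""
    return (b"HTTP/1.1 302 Found\r\n"
            + b"Location: " + target.encode("latin-1") + b"\r\n"
            + b"Content-Length: 0\r\n"
            + b"\r\n")


def check_header_value(value: str) -> str:
    """Reject anything a header value must not contain: CR, LF, NUL and other
    control characters (RFC 7230 allows only visible characters, SP, HTAB and
    obs-text). Returns the value unchanged when it is clean."""
    for ch in value:
        code = ord(ch)
        if (code < 0x20 and ch != "\t") or code == 0x7f:
            raise ValueError("control character in header value: %r" % value)
    return value


def build_redirect_safe(target: str) -> bytes:
    """Same handler with the check applied before the value reaches the wire."""
    target = check_header_value(target)
    return (b"HTTP/1.1 302 Found\r\n"
            + b"Location: " + target.encode("latin-1") + b"\r\n"
            + b"Content-Length: 0\r\n"
            + b"\r\n")


def parse_response(response: bytes):
    """Split a response the way a client does: headers end at the first blank
    line, everything after it is the body. Returns (headers dict, body)."""
    head, _, body = response.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:        # [0] is the status line
        name, _, value = line.partition(b":")
        headers[name.strip()] = value.strip()
    return headers, body


# Constructed payload: the first CRLF ends the Location line, the next line
# is a header of the attacker's choosing, the blank line starts a body the
# attacker controls. A client parsing this stores the injected cookie and
# renders the injected page.
INJECTION = ("/home\r\n"
             "Set-Cookie: session=attacker-chosen\r\n"
             "\r\n"
             "<html>injected page</html>")


if __name__ == "__main__":
    headers, body = parse_response(build_redirect_vulnerable(INJECTION))
    print("vulnerable handler produced headers:", headers)
    print("and body:", body[:30])
    try:
        build_redirect_safe(INJECTION)
    except ValueError as exc:
        print("safe handler rejected it:", exc)
```

The injection only survives because the vulnerable handler concatenates raw bytes. Header-setting APIs in mature HTTP libraries apply the same control-character check themselves (Python's http.client putheader raises ValueError on a CR or LF in a value), so the usual root cause is code that bypasses those APIs and writes the response by hand, or a reverse proxy or device firmware with its own minimal HTTP implementation.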
CVE-2021-41130
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
CVE-2021-42071
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...
CVE-2021-42071
CVE-2021-42071 affects Visual Tools DVR VX16 4.2.28.0. An unauthenticated attacker can achieve remote code execution by exploiting shell metacharacters in the cgi-bin/slogin/login.py User-Agent header, via an OS command-injection vector. Exploitation has been demonstrated in public disclosures (E...
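What "shell metacharacters in the User-Agent header" means at the code level, and the two standard ways to close it, as an added example that is not code from Visual Tools or the VX16 firmware. The advisory does not say which command login.py runs, so the `logger` invocation is a stand-in assumption. Nothing is executed: the helper tokenises a command line with POSIX shell quoting rules (via the standard library's shlex with punctuation_chars enabled) so the effect of a payload can be seen as the list of commands a shell would run.

```python
# Added example, not code from Visual Tools or the VX16 firmware: the shape
# of the User-Agent command injection reported in CVE-2021-42071, shown at
# the string level, and two ways to close it. The advisory does not say which
# command login.py runs, so 'logger' is a stand-in assumption. Nothing is
# executed here; shell_commands() only shows how a POSIX shell would split
# the command line.
import shlex

# Tokens at which a shell starts a new simple command.
SEPARATORS = {";", "&&", "||", "|", "&"}


def shell_commands(cmdline: str):
    """Tokenise cmdline with shell quoting rules and split it into the simple
    commands a POSIX shell would run. Returns a list of argv lists."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            if current:
                commands.append(current)
                current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def vulnerable_command(user_agent: str) -> str:
    """The bug: the raw header value is concatenated into a command line that
    is then handed to a shell (os.system, or subprocess with shell=True), so
    every metacharacter in User-Agent is interpreted by the shell."""
    return "logger -t login " + user_agent


def quoted_command(user_agent: str) -> str:
    """Fix 1, when a shell string cannot be avoided: shlex.quote() wraps the
    value so the shell sees exactly one word."""
    return "logger -t login " + shlex.quote(user_agent)


def safe_argv(user_agent: str):
    """Fix 2, preferred: build an argv list and run it with
    subprocess.run(argv) (shell=False). The header value is one argument
    whatever it contains; control characters are rejected outright because
    a header value should never carry them."""
    if any(ord(c) < 0x20 or ord(c) == 0x7f for c in user_agent):
        raise ValueError("control character in User-Agent")
    return ["logger", "-t", "login", user_agent]


# Constructed payload in the style of the finding: a separator followed by an
# attacker-chosen command, sent as the User-Agent header value.
PAYLOAD = "Mozilla/5.0; id"

if __name__ == "__main__":
    print("vulnerable:", shell_commands(vulnerable_command(PAYLOAD)))
    print("quoted:    ", shell_commands(quoted_command(PAYLOAD)))
    print("argv:      ", safe_argv(PAYLOAD))
```

The vulnerable string splits into two commands, the second being the attacker's `id`; the quoted string and the argv list both keep the whole header value as a single argument. The argv form is preferred because its safety does not depend on remembering to quote every interpolated value.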