3712 matches found
CVE-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
Cisco Firepower Threat Defense Security Signature Issue Vulnerability
Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense FTD suffers from a security signature issue vulnerability that results from incorrect handling of specific HTTP header parameters. A remote...
Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology
Summary: Multiple security vulnerabilities affect components used by the following products and may therefore affect those products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager...
GitHub Announces Blocking Google’s FLoC
By Deeba Ahmed. GitHub has announced that it is adding an HTTP header, a move that would block Google's FLoC. Here's the code. This is a post from HackRead.com. Read the original post: GitHub Announces Blocking Google's FLoC...
PT-2021-3083 · Cisco · Cisco Isrv +5
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD (affected versions not specified); Cisco Catalyst (affected versions not specified); Cisco ISR (affected versions not specified); Cisco ISA (affected versions not specified); Cisco IS...
PT-2021-2791 · Cisco · Cisco Ftd +5
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD (affected versions not specified); Cisco Catalyst (affected versions not specified); Cisco ISR (affected versions not specified); Cisco ISA (affected versions not specified); Cisco IS...
Ruby: 'net/http': HTTP Header Injection in the set_content_type method
The set_content_type method's parameters are not filtered, so an injected value can alter the entire request. The vulnerable code (from net/http/header.rb):
    def set_content_type(type, params = {})
      @header['content-type'] = [type + params.map{|k,v| "; #{k}=#{v}"}.join('')]
    end
PoC 1:
    require 'net/http'
    uri = URI('http://127.0.0.1:8080')
    r...
SUSE: Security Advisory (SUSE-SU-2016:2106-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE: Security Advisory (SUSE-SU-2020:1748-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2021-22876
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit. Vendor: Zhejiang BC&TV Technology Co., Ltd. ZBL | W&D Corporation WAD TECHNOLOGY THAILAND. Product web page: http://www.zblchina.com | http://www.wd-thailand.com. Affected version: Firmware: V100R001; Software model: HG104B-ZG-E /...
UBUNTU-CVE-2021-22876
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
CVE-2021-22133
A flaw was found in the Elastic APM agent for Go in several versions, where it can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server...
OESA-2021-1058 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Synology DiskStation Manager Out-of-Bounds Write Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. An out-of-bounds write vulnerability exists in synoagentregisterd in Synology...
CVE-2021-27132
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
Crlf injection
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
CVE-2021-27132
The CVE-2021-27132 issue affects Sercomm VD625 Smart Modems (firmware AGSOT_2.1.0). The vulnerability is a CRLF injection in the Content-Disposition header during the download function, enabling header manipulation that could enable session hijacking, cross-site scripting, or cache poisoning as d...
CVE-2021-26562
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via synofindersite HTTP header...
Stack overflow
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via synofindersite HTTP header...