Cross site scripting
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via synofindersite HTTP header...
CVE-2021-26562
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via synofindersite HTTP header...
CVE-2021-26561
Synology DSM 6.2.x contains a stack-based out-of-bounds write flaw in the synoagentregisterd/server finder path (syno_finder_site handling) that can be triggered via a malicious HTTP response from a MITM attacker. TALOS-2020-1159 describes an out-of-bounds write in synoagentregisterd’s finder fun...
CVE-2021-27404
Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...
Design/Logic Flaw
Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...
Security Bulletin: Netcool Operations Insight - Missing or insecure headers
Summary: AppScan detected multiple low severity HTTP header issues. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Netcool Operations Insight 1.4.x; Netcool Operations Insight 1.5.x...
CVE-2021-22133
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it...
EulerOS 2.0 SP8 : ceph (EulerOS-SA-2021-1136)
According to the versions of the ceph packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Ope...
Ubuntu: Security Advisory (USN-4706-1)
The remote host is missing an update for the...
USN-4706-1: Ceph vulnerabilities
Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. CVE-2020-10736 Adam Mohammed found...
Ubuntu 20.04 LTS : Ceph vulnerabilities (USN-4706-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4706-1 advisory. Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An...
Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability
Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...
Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability
Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...
openSUSE Security Update : python3 (openSUSE-2020-2333)
This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 an...
Amazon Linux AMI : tomcat7 (ALAS-2021-1472)
The version of tomcat7 installed on the remote host is prior to 7.0.107-1.39. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1472 advisory. A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some...
CVE-2020-5019
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the...
Cross site scripting
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the...