Design/Logic Flaw
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
UBUNTU-CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
XSS in Dolibarr ERP & CRM
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
Cross-Site Scripting (XSS)
Dolibarr is susceptible to cross-site scripting (XSS) attacks. The vulnerability exists because the value of the Referer HTTP header is not sanitized before being used in the HTML document, which allows an attacker to inject arbitrary script...
Information Disclosure
sylius/resource-bundle is vulnerable to information disclosure. The vulnerability exists because ResourceBundle did not properly restrict the values of serialization groups passed through the HTTP header...
CVE-2020-5220
Sylius ResourceBundle accepts and uses any serialisation groups passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
Design/Logic Flaw
Sylius ResourceBundle accepts and uses any serialisation groups passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
CVE-2020-5220 Ability to expose data in Sylius by using an unintended serialisation group
Sylius ResourceBundle accepts and uses any serialisation groups passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
CVE-2020-5220
Sylius ResourceBundle has a vulnerability where it accepts and uses any serialization groups via an HTTP header, potentially exposing data by using an unintended serialization group (e.g., a permissive group from Admin API in Shop API). Affected products are Sylius ResourceBundle components, with...
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
Design/Logic Flaw
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
CVE-2020-7996
Dolibarr ERP/CRM version 10.0.6 contains a cross-site scripting (XSS) flaw in htdocs/user/passwordforgotten.php that can be triggered via the Referer HTTP header. The available sources consistently describe this vulnerability as an XSS issue in the Referer header handling, with no publicly docume...
Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability
The Cisco Content Security Management Appliance (SMA) and the Cisco Web Security Appliance (WSA) are both products of Cisco, Inc. The Cisco Web Security Appliance is a web security gateway that provides SaaS-based access control, real-time network reporting and tracking, and the developmen...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)
The remote host is missing an update for Huawei EulerOS...
Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers into the web server's response. The vulnerability is due to insufficient...
Amazon Linux 2 : golang, --advisory ALAS2-2020-1383 (ALAS-2020-1383)
The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1383 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...