Security Bulletin: IBM Sterling Control Center is vulnerable to HTTP Host Header Injection Vulnerability

Summary HTTP Host Header Injection Vulnerability is affecting Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-35894 DESCRIPTION: IBM Sterling Control Center is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow ...

D-Link DAP-1562 Stack Buffer Overflow Vulnerability

The D-Link DAP-1562 is a wireless bridge from China's AUO D-Link. A security vulnerability exists in the D-Link DAP-1562 version 1.10, which stems from a stack buffer overflow in the HTTP Header Handler, which could lead to a remote attack. An attacker can exploit the vulnerability to execute...

Linux Distros Unpatched Vulnerability : CVE-2023-28362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for...

SUSE-SU-2025:20230-1 Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...

Linux Distros Unpatched Vulnerability : CVE-2018-1000027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response...

CVE-2025-1876

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876

CVE-2025-1876 affects D-Link DAP-1562 running version 1.10. The issue is a stack-based buffer overflow in the HTTP Header Handler’s http_request_parse function triggered by manipulation of the Authorization argument. The vulnerability can be exploited remotely to potentially execute arbitrary cod...

CVE-2025-1876 D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-1876 D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function httprequestparse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched...

ClickHouse < 19.13.5.44

The version of ClickHouse installed on the remote host is prior to 19.13.5.44. It is, therefore, affected by a HTTP header injection vulnerability via the url table function. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows a attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

Octokit 安全漏洞

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 6.1.7, which stems from a Regular Expression Denial of Service ReDoS vulnerability in the processing of HTTP request headers, which can be exploited by an attacker to...

CVE-2025-24888 Path traversal in SecureDrop Client API.download_reply()

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, a malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine sd-app. SecureDrop Server...

FreeBSD : Gitlab -- Vulnerabilities (1a8c5720-e9cf-11ef-9e96-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1a8c5720-e9cf-11ef-9e96-2cf05da270f3 advisory. Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symb...

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

CVE-2025-25200

CVE-2025-25200 — Koa (Node.js): A regex-based issue in Koa’s header parsing (X-Forwarded-Proto/Host) before versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 can be exploited to cause a Denial-of-Service. The fix is included in those versions (and later). The vulnerability stems from an inefficie...

Gitlab -- Vulnerabilities

Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symbol Creation Exfiltrate content from private issues using Prompt Injection A custom permission may allow overriding Repository settings Internal HTTP header leak via route confusion in workhorse SSRF via...

USN-7260-1: OpenRefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : OpenRefine vulnerabilities (USN-7260-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7260-1 advisory. It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a...