4417 matches found
GHSA-WX5J-54MM-RQQQ HTTP request smuggling in netty
Impact: Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names...
ArcGIS Server code injection vulnerability
Esri Arcgis Server is a web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. in the United States. A security vulnerability exists in ArcGIS Server that allows an attacker to inject html content into a page...
CVE-2021-42564
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers with permission to provide confidential messages via Cryptshare to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' substring in the editor parameter...
Business-Dna Solution GmbH TopEase cross-site scripting vulnerability
Business-Dna Solution GmbH TopEase is a "transformational risk" solution from the Swiss company Business-Dna Solution GmbH. A cross-site scripting vulnerability exists in Business-Dna Solution GmbH TopEase, which can be exploited by attackers to inject arbitrary HTML and JavaScript into object...
DEBIAN-CVE-2021-38001
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
undertow: potential security issue in flow control over HTTP/2 may lead to DOS
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability...
ASUS routers security vulnerability
ASUS routers is a router app from ASUS of Taiwan, China. A security vulnerability exists in ASUS routers that stems from a problem with the router firmware's limit on the number of login attempts, which allows remote attackers to attempt an arbitrary number of login attempts by sending a specific...
The vulnerability of the Blink rendering module in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Blink rendering module in Google Chrome and Microsoft Edge browsers is related to the execution of operations outside the buffer during the processing of HTML content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service...
Puppet Server security vulnerability
Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. An information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...
sqlite: dropping of shadow tables not restricted in defensive mode
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...
Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...
VulnCheck KEV: CVE-2020-4427
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication...
DEBIAN-CVE-2021-37979
Heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page...
The vulnerability of Google Chrome’s browser loading function, related to the use of memory after it is freed, allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Google Chrome’s web browser loading function is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service interruptions through a specially created...
The vulnerability of the software for ensuring high availability and load balancing for TCP and HTTP applications managed by Haproxy arises from the execution of a loop with an unreachable exit condition. This allows an attacker to cause a service failure.
The vulnerability of the software used for ensuring high availability and load balancing for TCP and HTTP applications managed by Haproxy is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Apache MINA security vulnerability
Apache MINA is a web application framework from the Apache Foundation. A denial-of-service vulnerability exists in Apache MINA, which is caused by improper handling of HTTP message header requests in Apache MINA. An attacker could exploit this vulnerability to potentially cause an infinite loop i...
The vulnerability of the user interface of Google Chrome’s web UI, related to the use of memory after it is freed, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the user interface of Google Chrome’s web UI is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions through a specially created HTML...
Cisco Adaptive Security Appliances Software and Cisco Firepower Threat Defense buffer error vulnerability
Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco, Inc. Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...
The vulnerability of the Content Security Policy component in the Google Chrome web browser, related to improper authorization, allows attackers to compromise data integrity.
The vulnerability of the Content Security Policy component in the Google Chrome web browser is related to insufficient implementation of policies. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially crafted HTML page...