10 matches found
CVE-2022-50766
In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfs_clean_tree_block() in btrfs_init_new_buffer(). syzbot is reporting uninit-value in btrfs_clean_tree_block() [1], for commit bc877d285ca3dba2 ("btrfs: Deduplicate extent_buffer init code") missed that...
EUVD-2025-201203
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields. The validation of the set(nsh(...)) action is completely wrong. It runs through the nsh_key_put_from_nlattr() function that is the same function that validates NSH keys...
Malicious code in cf-middleware-set-header (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-2865 Malicious code in cf-middleware-set-header (npm)
--- -= Per source details. Do not edit below this line.=-...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and...
SUSE CVE-2020-11709
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...
OWASP ModSecurity Core Rule Set security vulnerability
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set (CRS) that originates in the Character Set Acceptance header field, which results i...
PT-2020-12796 · Cpp Httplib · Cpp-Httplib
Name of the Vulnerable Software and Affected Versions: cpp-httplib versions 0.5.8 and earlier. Description: The issue arises from the lack of filtering for \r\n in parameters passed to the set_redirect and set_header functions, potentially leading to CRLF injection and HTTP response splitting in...
[ipset_list] ipset set listing wrapper script
Features: Calculate sum of set members and match on that count. List only members of a specified set. Choose a delimiter character for separating members. Show only sets containing a specific glob matching header. Arithmetic comparison on headers with an integer value. Match members using a...
PYSEC-2012-5
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input...