Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

Veeam ONE Report Error "Invalid query string"

Challenge When previewing a report in Veeam ONE Web Client, the report fails to load with the error: Error Invalid query string Cause This error occurs when the URL used to access the Veeam ONE Web Client does not match the URL of the report preview. For example, if the URL used to access Veeam O...

DEBIAN-CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

DEBIAN-CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

CVE-2017-5120

CVE-2017-5120 describes a downgrade of HTTPS during redirects in the Chromium/Chrome browser. Affected: Chromium/Chrome before 61.0.3163.79 on desktop (Mac/Windows/Linux) and 61.0.3163.81 on Android, with downstream advisories referencing Chromium builds. Root cause: a misdesign workaround for ww...