CVE-2021-27762
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses...
HCL Technologies BigFix Platform Security Vulnerability
HCL Technologies BigFix Platform is an endpoint security management platform from HCL Technologies, India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL Technologies BigFix Platform that stems from...
CLSA-2022-1646060698 Fix of CVE: CVE-2021-31807, CVE-2021-28662, CVE-2021-33620, CVE-2021-28652, CVE-2021-28651, CVE-2021-31808, CVE-2021-31806
CVE-2021-28651: Fix a memory leak that permits DoS via a buffer-management bug - CVE-2021-28652: Fix cache manager URL parsing that permits DoS via incorrect parser validation - CVE-2021-28662: Limit HeaderLookupTable::lookup to BadHdr and specific IDs, which permits DoS via certain response...
Apache ShenYu Information Disclosure Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation of the United States. An information disclosure vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1, which arises from a configuration or other error in the operation...
IBM Cognos Analytics Security Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation of the United States. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytic...
CHIYU Technology BF-630W Cross-Site Scripting Vulnerability
The CHIYU BF-430 and related devices are networking servers that provide communication for access control, time and attendance systems and other devices, from China's Taiwan-based Chiyu Technology. A cross-site scripting vulnerability exists in multiple CHIYU products, which stems from an...
DEBIAN-CVE-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
PYSEC-2021-8
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
Django Cross-Site Scripting Vulnerability
Django is the Django Foundation's open-source Web application framework based on the Python language. The framework includes an object-relational mapper, view system, template system, and more. A cross-site scripting vulnerability exists in Django, which stems from the fact that on Python...
CVE-2020-4953
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP responses. IBM X-Force ID: 192029...
CVE-2020-13863
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information...
CVE-2020-4361
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where improper input validation results in an illegal header being returned and integrated into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
PT-2020-6881 · Abb · Abb Esoms
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.3 Description: The issue is related to errors in processing requests, which can allow a remote attacker to disclose protected information. Specifically, HTTPS responses contain comments with sensitive information...
NEC Aterm W300P Buffer Overflow Vulnerability (CNVD-2019-01105)
The NEC Aterm W300P is a wireless router from NEC (Nippon Electric Company). A buffer overflow vulnerability exists in the NEC Aterm W300P using firmware version 1.0.13 and earlier. An attacker can exploit this vulnerability to execute arbitrary code with the help of HTTP requests and responses...
CVE-2018-13376
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, and all 5.2 versions in the web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...
Unspecified Vulnerability in Eclipse Vert.x (CNVD-2019-43402)
Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM, which is mainly used to build applications such as network utilities, Web applications, HTTP/REST microservices and so on. A security vulnerability exists in Eclipse Vert.x that stems from the...
CVE-2018-5535
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of...
ALPINE-CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...