CVE-2024-11695

CVE-2024-11695 describes a spoofing vulnerability in Mozilla Firefox and Thunderbird where a crafted URL containing Arabic script and whitespace could hide the page’s true origin, enabling spoofing. Affected versions: Firefox < 133 and Firefox ESR < 128.5; Thunderbird < 133 and Thunderbird

GHSA-6HWR-6V2F-3M88 XXE in PHPSpreadsheet's XLSX reader

Summary The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLSX sheets, Server files and sensitive information can be disclosed by...

Rocky Linux 8 : nodejs:12 (RLSA-2020:0598)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0598 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...

World Mobile’s Africa Field Tests: Harnessing TV White Space and Starlink

By Owais Sultan World Mobile, a decentralized wireless network operator, has achieved a significant milestone with the successful completion of field… This is a post from HackRead.com Read the original post: World Mobiles Africa Field Tests: Harnessing TV White Space and Starlink...

CVE-2023-24540

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

K18263026: The BIG-IP HTTP parser can incorrectly parse a tab character

Security Advisory Description When scanning a URI, the HTTP parser on the BIG-IP system may periodically treat a tab character as white space, which causes incorrect URI parsing. For example, the BIG-IP system receives the following GET string in an HTTP request: GET \t/admin/ HTTP/1.0\r\n\r\n...

K27551003: The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

Security Advisory Description This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. An iRule or LTM policy that uses HTTP header information is associated with the virtual server. The BIG-IP system receives a specially crafted HTTP...

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...

Stored XSS using HTMLEditor

A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...

Input validation

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

CVE-2022-31180 Insufficient escaping of whitespace in shescape

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

Protocol/Hostname spoofing via Improper Input Validation

Description The uri.js doesn't remove whitespace characters from the beginning of the protocol, so it doesn't parse URLs properly. Several methods, including http.get, location.href, and fetch, strip the whitespace character in front of the protocol before sending the request. Proof of Concept...

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

SUSE: Security Advisory (SUSE-SU-2020:0454-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kamailio 5.4.0 Header Smuggling

Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date & issue patched by Kamailio: 2020-07-16 - Kamailio rewrite for header parser better fi...

Security update for nodejs8 (important)

openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2020:0293-1 Rating: important References: 1163102 1163103 1163104 Cross-References: CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is n...

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2020:0488-1)

This update for nodejs6 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

SUSE-SU-2020:0488-1 Security update for nodejs6

This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)

This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...