Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0666 | 1 Microweber | 1 Microweber | 2022-02-26 | 5.0 MEDIUM | 7.5 HIGH |
| CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-39172 | 1 Catchethq | 1 Catchet | 2021-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. | |||||
| CVE-2018-19585 | 1 Gitlab | 1 Gitlab | 2020-12-24 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | |||||
| CVE-2018-12477 | 1 Opensuse | 1 Leap | 2019-10-09 | 6.4 MEDIUM | 7.5 HIGH |
| A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. | |||||
| CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | |||||
| CVE-2018-1000164 | 2 Debian, Gunicorn | 2 Debian Linux, Gunicorn | 2019-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. | |||||
| CVE-2019-10678 | 1 Domoticz | 1 Domoticz | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. | |||||
| CVE-2017-15400 | 1 Google | 1 Chrome Os | 2018-07-13 | 9.3 HIGH | 7.8 HIGH |
| Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. | |||||