Search
Total
258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21645 | 1 Pyload | 1 Pyload | 2024-01-11 | N/A | 5.3 MEDIUM |
| pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77. | |||||
| CVE-2023-50093 | 1 Apiida | 1 Api Gateway Manager | 2024-01-09 | N/A | 6.1 MEDIUM |
| APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | |||||
| CVE-2023-52081 | 1 Ewen-lbh | 1 Firefox Css | 2024-01-05 | N/A | 5.3 MEDIUM |
| ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (?), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds. | |||||
| CVE-2023-6134 | 1 Redhat | 2 Keycloak, Single Sign-on | 2023-12-29 | N/A | 5.4 MEDIUM |
| A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. | |||||
| CVE-2023-48205 | 1 Jorani | 1 Leave Management System | 2023-12-11 | N/A | 5.3 MEDIUM |
| Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | |||||
| CVE-2023-35075 | 1 Mattermost | 1 Mattermost | 2023-11-30 | N/A | 5.4 MEDIUM |
| Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though. | |||||
| CVE-2022-3643 | 3 Broadcom, Debian, Linux | 3 Bcm5780, Debian Linux, Linux Kernel | 2023-11-29 | N/A | 6.5 MEDIUM |
| Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | |||||
| CVE-2023-6174 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-28 | N/A | 6.5 MEDIUM |
| SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2022-4188 | 1 Google | 2 Android, Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4767 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-11-13 | N/A | 6.1 MEDIUM |
| A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | |||||
| CVE-2020-3561 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense | 2023-08-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites. | |||||
| CVE-2023-4157 | 1 Omeka | 1 Omeka S | 2023-08-09 | N/A | 4.8 MEDIUM |
| Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3. | |||||
| CVE-2022-42471 | 1 Fortinet | 1 Fortiweb | 2023-08-08 | N/A | 5.4 MEDIUM |
| An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. | |||||
| CVE-2022-42472 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-08-08 | N/A | 5.4 MEDIUM |
| A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | |||||
| CVE-2022-22344 | 1 Ibm | 1 Spectrum Copy Data Management | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 | |||||
| CVE-2022-34165 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2023-08-08 | N/A | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. | |||||
| CVE-2021-31249 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. | |||||
| CVE-2021-41437 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2023-08-08 | N/A | 6.5 MEDIUM |
| An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | |||||
| CVE-2022-47052 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2023-08-08 | N/A | 6.1 MEDIUM |
| The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1. | |||||
| CVE-2020-24275 | 1 Swoole | 1 Swoole | 2023-07-31 | N/A | 6.5 MEDIUM |
| A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | |||||
| CVE-2021-27908 | 1 Acquia | 1 Mautic | 2022-07-29 | 2.1 LOW | 4.4 MEDIUM |
| In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application. | |||||
| CVE-2022-34903 | 3 Debian, Fedoraproject, Gnupg | 3 Debian Linux, Fedora, Gnupg | 2022-07-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | |||||
| CVE-2021-44832 | 5 Apache, Cisco, Debian and 2 more | 13 Log4j, Cloudcenter, Debian Linux and 10 more | 2022-07-25 | 8.5 HIGH | 6.6 MEDIUM |
| Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | |||||
| CVE-2020-26137 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Zfs Storage Appliance Kit and 1 more | 2022-07-25 | 6.4 MEDIUM | 6.5 MEDIUM |
| urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | |||||
| CVE-2022-34466 | 1 Mendix | 1 Mendix | 2022-07-20 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. | |||||
| CVE-2020-35669 | 1 Dart | 1 Http | 2022-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request. | |||||
| CVE-2021-39028 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2022-07-18 | N/A | 5.4 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866. | |||||
| CVE-2021-30540 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-0551 | 1 Google | 1 Android | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039 | |||||
| CVE-2021-45655 | 1 Netgear | 2 R6400, R6400 Firmware | 2022-07-12 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. | |||||
| CVE-2021-21141 | 2 Google, Microsoft | 2 Chrome, Edge | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | |||||
| CVE-2022-31108 | 1 Mermaid Project | 1 Mermaid | 2022-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. | |||||
| CVE-2022-31088 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2022-07-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. | |||||
| CVE-2018-1000193 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. | |||||
| CVE-2021-45818 | 1 Safarimontage | 1 Safari Montage | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. | |||||
| CVE-2022-30991 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
| CVE-2022-23068 | 1 Tooljet | 1 Tooljet | 2022-05-26 | 3.5 LOW | 5.4 MEDIUM |
| ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. | |||||
| CVE-2022-22975 | 1 Vmware | 1 Pinniped | 2022-05-19 | 6.0 MEDIUM | 6.6 MEDIUM |
| An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership. | |||||
| CVE-2022-24888 | 1 Nextcloud | 1 Nextcloud Server | 2022-05-06 | 5.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. | |||||
| CVE-2021-28979 | 1 Thalesgroup | 1 Safenet Keysecure | 2022-05-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. | |||||
| CVE-2021-3027 | 1 Librit | 1 Passhport | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization. | |||||
| CVE-2021-29209 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2021-29210 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2021-29208 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2021-43929 | 1 Synology | 1 Diskstation Manager | 2022-02-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-14193 | 1 Atlassian | 1 Automation For Jira | 2022-02-01 | 5.5 MEDIUM | 5.4 MEDIUM |
| Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15. | |||||
| CVE-2020-4027 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 6.5 MEDIUM | 4.7 MEDIUM |
| Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1. | |||||
| CVE-2020-26142 | 1 Openbsd | 1 Openbsd | 2021-12-03 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration. | |||||
| CVE-2019-25031 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. | |||||
| CVE-2020-12108 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2021-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | |||||