Total
1756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19389 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | |||||
| CVE-2019-19330 | 3 Canonical, Debian, Haproxy | 3 Ubuntu Linux, Debian Linux, Haproxy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | |||||
| CVE-2019-18860 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | |||||
| CVE-2019-18657 | 1 Yandex | 1 Clickhouse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. | |||||
| CVE-2019-18348 | 1 Python | 1 Python | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. | |||||
| CVE-2019-17513 | 1 Ratpack Project | 1 Ratpack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. | |||||
| CVE-2019-17123 | 1 Egain | 1 Mail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.) | |||||
| CVE-2019-17068 | 2 Opensuse, Putty | 2 Leap, Putty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | |||||
| CVE-2019-16771 | 1 Linecorp | 1 Armeria | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
| Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. | |||||
| CVE-2019-16532 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | |||||
| CVE-2019-16468 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-16385 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. | |||||
| CVE-2019-16254 | 2 Debian, Ruby-lang | 2 Debian Linux, Ruby | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2019-15259 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits. | |||||
| CVE-2019-13915 | 1 B3log | 1 Wide | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access. | |||||
| CVE-2019-13285 | 1 Cososys | 1 Endpoint Protector | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. | |||||
| CVE-2019-13146 | 1 Field Test Project | 1 Field Test | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS). | |||||
| CVE-2019-12966 | 1 Fehelper Project | 1 Fehelper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | |||||
| CVE-2019-12463 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. | |||||