Total
1885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18348 | 2 Python, Redhat | 2 Python, Rhel Software Collections | 2024-11-21 | 6.1 Medium |
| An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. | ||||
| CVE-2019-17513 | 1 Ratpack Project | 1 Ratpack | 2024-11-21 | 7.5 High |
| An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. | ||||
| CVE-2019-17123 | 1 Egain | 1 Mail | 2024-11-21 | 7.5 High |
| The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.) | ||||
| CVE-2019-17068 | 2 Opensuse, Putty | 2 Leap, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | ||||
| CVE-2019-16771 | 1 Linecorp | 1 Armeria | 2024-11-21 | 4.8 Medium |
| Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. | ||||
| CVE-2019-16532 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | ||||
| CVE-2019-16468 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 7.5 High |
| Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-16385 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 6.1 Medium |
| Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. | ||||
| CVE-2019-16254 | 3 Debian, Redhat, Ruby-lang | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2024-11-21 | 5.3 Medium |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | ||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | ||||
| CVE-2019-13915 | 1 B3log | 1 Wide | 2024-11-21 | N/A |
| b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access. | ||||
| CVE-2019-13285 | 1 Cososys | 1 Endpoint Protector | 2024-11-21 | 7.5 High |
| CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. | ||||
| CVE-2019-13146 | 1 Field Test Project | 1 Field Test | 2024-11-21 | N/A |
| The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS). | ||||
| CVE-2019-12966 | 1 Fehelper Project | 1 Fehelper | 2024-11-21 | N/A |
| FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | ||||
| CVE-2019-12463 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.8 High |
| An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. | ||||
| CVE-2019-12425 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 High |
| Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host | ||||
| CVE-2019-12416 | 1 Apache | 1 Deltaspike | 2024-11-21 | 6.1 Medium |
| we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. | ||||
| CVE-2019-12303 | 1 Suse | 1 Rancher | 2024-11-21 | N/A |
| In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | ||||
| CVE-2019-11718 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 5.3 Medium |
| Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11354 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication. | ||||