CWE:
 

Topic
Date
Author
Low
SmarterStats 11.3.6347 Cross Site Scripting
02.10.2017
David Hoyt
High
Dropbear SSHD xauth Command Injection / Bypass
17.03.2016
dropbear
High
OpenSSH 7.2p1 xauth Command Injection / Bypass
16.03.2016
tintinweb
Low
NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities
08.03.2015
Wang Jing


CVEMAP Search Results

CVE
Details
Description
2018-04-18
Medium
CVE-2018-1000164

Vendor: Gunicorn
Software: Gunicorn
 

 
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

 
2018-04-12
Low
CVE-2014-9563

Updating...
 

 
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.

 
2018-02-07
High
CVE-2017-15400

Vendor: Google
Software: Chrome os
 

 
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

 
2018-01-18
Medium
CVE-2014-2017

Updating...
 

 
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

 
2017-06-12
Low
CVE-2015-9096

Vendor: Ruby-lang
Software: RUBY
 

 
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

 
2016-09-26
Low
CVE-2016-4993

Vendor: Redhat
Software: Jboss enterp...
 

 
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top