CWE:
 

|  | Topic | Date | Author |
|---|---|---|---|
| Low | SmarterStats 11.3.6347 Cross Site Scripting | 02.10.2017 | David Hoyt |
| High | Dropbear SSHD xauth Command Injection / Bypass | 17.03.2016 | dropbear |
| High | OpenSSH 7.2p1 xauth Command Injection / Bypass | 16.03.2016 | tintinweb |
| Low | NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities | 08.03.2015 | Wang Jing |


CVEMAP Search Results

| CVE | Details | Description |
|---|---|---|
| 2019-08-07, Medium, CVE-2016-10803 | Vendor: Cpanel; Software: Cpanel | cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). |
| 2019-06-27, Low, CVE-2018-6148 | Vendor: Google; Software: Chrome | Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| 2019-05-17, Medium, CVE-2018-19585 | Vendor: Gitlab; Software: Gitlab | GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. |
| 2019-04-30, Low, CVE-2019-10272 | Vendor: Weaver; Software: E-cology | An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. |
| 2019-04-15, Low, CVE-2019-11236 | Vendor: Python; Software: Urllib3 | In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. |
| 2019-03-31, Medium, CVE-2019-10678 | Vendor: Domoticz; Software: Domoticz | Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. |
| 2019-03-23, Low, CVE-2019-9947 | Vendor: Python; Software: Python | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. |
| 2019-03-13, Low, CVE-2019-9741 | Vendor: Golang; Software: GO | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. |
| 2019-03-12, Low, CVE-2019-9740 | Vendor: Python; Software: Python | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. |
| 2019-02-03, Medium, CVE-2019-7313 |  | www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. |

 

 


Copyright 2019, cxsecurity.com