CWE:
 

Title
Date
Author
Low
SmarterStats 11.3.6347 Cross Site Scripting
02.10.2017
David Hoyt
High
Dropbear SSHD xauth Command Injection / Bypass
17.03.2016
dropbear
High
OpenSSH 7.2p1 xauth Command Injection / Bypass
16.03.2016
tintinweb
Low
NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities
08.03.2015
Wang Jing


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-02-18
Medium
CVE-2022-0666

Vendor: Microweber
Software: Microweber
 

 
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

 
2021-12-12
Medium
CVE-2021-4097

Vendor: Phpservermonitor
Software: Php server m...
 

 
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences.

 
2021-08-27
Waiting for details
CVE-2021-39172

Updating...
 

 
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new line characters in new configuration values. As a workaround, only allow trusted source IP addresses to access the administration dashboard.

 
2019-08-26
Medium
CVE-2017-18587

Vendor: Hyper
Software: Hyper
 

 
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

 
2019-08-07
Medium
CVE-2016-10803

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

 
2019-06-27
Low
CVE-2018-6148

Vendor: Google
Software: Chrome
 

 
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

 
2019-05-17
Medium
CVE-2018-19585

Vendor: Gitlab
Software: Gitlab
 

 
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

 
2019-04-30
Low
CVE-2019-10272

Vendor: Weaver
Software: E-cology
 

 
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.

 
2019-04-15
Low
CVE-2019-11236

Vendor: Python
Software: Urllib3
 

 
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

 
2019-03-31
Medium
CVE-2019-10678

Vendor: Domoticz
Software: Domoticz
 

 
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.

 

 


Copyright 2022, cxsecurity.com

 
