Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10678 | 1 Domoticz | 1 Domoticz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. | |||||
| CVE-2019-10272 | 1 Weaver | 1 E-cology | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. | |||||
| CVE-2018-6148 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2018-19585 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | |||||
| CVE-2018-12477 | 1 Opensuse | 1 Leap | 2024-11-21 | 6.4 MEDIUM | 3.5 LOW |
| A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. | |||||
| CVE-2018-1000164 | 2 Debian, Gunicorn | 2 Debian Linux, Gunicorn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. | |||||
| CVE-2017-8791 | 1 Accellion | 1 File Transfer Appliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | |||||
| CVE-2017-8788 | 1 Accellion | 1 File Transfer Appliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | |||||
| CVE-2017-7528 | 1 Redhat | 2 Ansible Tower, Cloudforms Management Engine | 2024-11-21 | 3.3 LOW | 5.2 MEDIUM |
| Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback). | |||||
| CVE-2017-6508 | 1 Gnu | 1 Wget | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | |||||
| CVE-2017-5868 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. | |||||
| CVE-2017-2111 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. | |||||
| CVE-2017-18587 | 1 Hyper | 1 Hyper | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. | |||||
| CVE-2017-15400 | 1 Google | 1 Chrome Os | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. | |||||
| CVE-2017-14037 | 1 Crushftp | 1 Crushftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. | |||||
| CVE-2016-9964 | 2 Bottlepy, Debian | 2 Bottle, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | |||||
| CVE-2016-6484 | 1 Infoblox | 1 Netmri | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | |||||
| CVE-2016-5331 | 1 Vmware | 2 Esxi, Vcenter Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2016-4993 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2016-4975 | 1 Apache | 1 Http Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). | |||||