• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-116

CVE-2021-32067

February 23, 2023 by

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.

CVE-2021-32072

February 23, 2023 by

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.

CVE-2021-31806

February 23, 2023 by

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

CVE-2021-30640

February 23, 2023 by

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

CVE-2021-29854

February 23, 2023 by

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.

CVE-2021-29872

February 23, 2023 by

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 – Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 12
  • Go to page 13
  • Go to page 14
  • Go to page 15
  • Go to page 16
  • Interim pages omitted …
  • Go to page 19
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE