Vulmon
crlf vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-7830
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially craf...
Schneider-electric Modicom M340 Firmware
Schneider-electric Modicom Premium Firmware
Schneider-electric Modicom Quantum Firmware
Schneider-electric Modicom Bmxnor0200h Firmware
7.5
CVSSv3
CVE-2018-18074
The Requests package prior to 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote malicious users to discover credentials by sniffing the network.
Python Requests
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
11 Github repositories
7.5
CVSSv3
CVE-2018-12477
An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote malicious users to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5...
Opensuse Leap 42.3
Opensuse Leap 15.0
7.5
CVSSv3
CVE-2018-1000164
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. Thi...
Gunicorn Gunicorn 19.4.5
Debian Debian Linux 7.0
Debian Debian Linux 8.0
2 Github repositories
7.5
CVSSv3
CVE-2017-4928
The flash-based vSphere Web Client (6.0 before 6.0 U3c and 5.5 before 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified...
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
7.5
CVSSv3
CVE-2016-8022
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and previous versions) allows a remote unauthenticated malicious user to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
Mcafee Virusscan Enterprise
1 EDB exploit
1 Article
7.5
CVSSv3
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
7.2
CVSSv3
CVE-2020-26116
http.client in Python 3.x prior to 3.5.10, 3.6.x prior to 3.6.12, 3.7.x prior to 3.7.9, and 3.8.x prior to 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnecti...
Python Python
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Netapp Solidfire -
Netapp Hci Storage Node -
Debian Debian Linux 9.0
Oracle Zfs Storage Appliance Kit 8.8
Opensuse Leap 15.1
1 Github repository
7.1
CVSSv3
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote malicious user to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This ...
Proxmox Proxmox Mail Gateway -
Proxmox Pve Http Server
Proxmox Virtual Environment -
6.5
CVSSv3
CVE-2023-34472
AMI SPx contains a vulnerability in the BMC where an attacker may cause an improper neutralization of CRLF sequences in HTTP headers. A successful exploit of this vulnerability may lead to a loss of integrity.
Ami Megarac Sp-x 12
Ami Megarac Sp-x 13