18 matches found
CVE-2019-16792
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...
gstreamer-plugins-bad-free security update
0.10.23-24 - Patch CVE-2023-44446: MXF demuxer use-after-free - Disable gtk-doc to fix the build - Resolves: RHEL-16792...
Debian: Security Advisory (DLA-3000-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-16792
...
CVE-2020-16792
CVE-2020-16792 is rejected/not used; this CVE ID does not represent an active vulnerability entry.
SUSE: Security Advisory (SUSE-SU-2020:3269-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : python-waitress (openSUSE-2020-1922)
This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...
openSUSE Security Update : python-waitress (openSUSE-2020-1911)
This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...
SUSE-SU-2020:3269-1 Security update for python-waitress
This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...
CVE-2019-16792
creationtimestamp| type| source ---|---|--- 2020-01-23 01:37:54+00:00| seen| https://t.me/cveNotify/383...
CVE-2019-16792
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...
CVE-2019-16792
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...
CVE-2019-16792
CVE-2019-16792 affects Waitress up to version 1.3.1, where sending two Content-Length headers can cause a request to be treated as having no body and the body of the request becoming a new request in HTTP pipelining. The issue is caused by header folding of a double Content-Length and an inabilit...
chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16792 via waitress (>=0.8.10 <=1.3.1)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16792 Source advisory: OSV:GHSA-4PPP-GPCR-7QF6...
FreeBSD : rubygem-geminabox -- XSS vulnerabilities (27b38d85-c891-11e7-a7bd-cd1209e563f2)
NVD reports : Stored cross-site scripting XSS vulnerability in 'geminabox' Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the 'homepage' value of a '.gemspec' file, related to views/gem.erb and views/index.erb. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2017-16792
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Gem in a Box (geminabox) prior to version 0.13.10 is affected by a stored XSS vulnerability. An attacker can inject arbitrary script via the homepage field in a .gemspec, related to the views/gem.erb and views/index.erb templates. The CVE-2017-16792 entry is corroborated by multiple sources (incl...