
18 matches found

RedhatCVE
added 2026/01/07 9:10 a.m., 7 views

CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...

CVSS 7.5, AI score 6.3, EPSS 0.02122
Exploits: 0, References: 1
Oracle linux
added 2024/01/18 12:0 a.m., 42 views

gstreamer-plugins-bad-free security update

0.10.23-24 - Patch CVE-2023-44446: MXF demuxer use-after-free - Disable gtk-doc to fix the build - Resolves: RHEL-16792...

CVSS 8.8, AI score 6.8, EPSS 0.01744
Exploits: 0
OpenVAS
added 2022/05/13 12:0 a.m., 23 views

Debian: Security Advisory (DLA-3000-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2, AI score 7.8, EPSS 0.02714
Exploits: 1, References: 4
Cvelist
added 2021/12/20 10:51 p.m., 11 views

CVE-2020-16792

...

Exploits: 0
CVE
added 2021/12/20 10:51 p.m., 36 views

CVE-2020-16792

CVE-2020-16792 is rejected/not used; this CVE ID does not represent an active vulnerability entry.

AI score 6.7
Exploits: 0
OpenVAS
added 2021/04/19 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2020:3269-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2, AI score 6.5, EPSS 0.02714
Exploits: 1, References: 7
Tenable Nessus
added 2020/11/17 12:0 a.m., 30 views

openSUSE Security Update : python-waitress (openSUSE-2020-1922)

This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

CVSS 8.2, AI score 6.3, EPSS 0.02714
Exploits: 1, References: 8
Tenable Nessus
added 2020/11/17 12:0 a.m., 41 views

openSUSE Security Update : python-waitress (openSUSE-2020-1911)

This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

CVSS 8.2, AI score 6.3, EPSS 0.02714
Exploits: 1, References: 8
OSV
added 2020/11/10 2:58 p.m., 10 views

SUSE-SU-2020:3269-1 Security update for python-waitress

This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

CVSS 8.2, AI score 7.7, EPSS 0.02714
Exploits: 1, References: 9
Circl
added 2020/01/23 1:37 a.m., 7 views

CVE-2019-16792

creationtimestamp| type| source ---|---|--- 2020-01-23 01:37:54+00:00| seen| https://t.me/cveNotify/383...

CVSS 7.5, AI score 6.1, EPSS 0.02122
Exploits: 0, References: 1
NVD
added 2020/01/22 7:15 p.m., 16 views

CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...

CVSS 7.5, AI score 6.9, EPSS 0.02122
Exploits: 0, References: 5
UbuntuCve
added 2020/01/22 7:15 p.m., 38 views

CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...

CVSS 7.5, AI score 6.8, EPSS 0.02122
Exploits: 0, References: 3
CVE
added 2020/01/22 6:30 p.m., 197 views

CVE-2019-16792

CVE-2019-16792 affects Waitress up to version 1.3.1, where sending two Content-Length headers can cause a request to be treated as having no body and the body of the request becoming a new request in HTTP pipelining. The issue is caused by header folding of a double Content-Length and an inabilit...

CVSS 7.5, AI score 6.9, EPSS 0.02122
Exploits: 0, References: 5, Affected Software: 1
vulnersOsv
added 2019/12/20 11:4 p.m., 2 views

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16792 via waitress (>=0.8.10 <=1.3.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16792 Source advisory: OSV:GHSA-4PPP-GPCR-7QF6...

CVSS 7.5, AI score 6.7, EPSS 0.02122
Exploits: 0
Tenable Nessus
added 2017/11/14 12:0 a.m., 9 views

FreeBSD : rubygem-geminabox -- XSS vulnerabilities (27b38d85-c891-11e7-a7bd-cd1209e563f2)

NVD reports : Stored cross-site scripting XSS vulnerability in 'geminabox' Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the 'homepage' value of a '.gemspec' file, related to views/gem.erb and views/index.erb. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS 6.1, AI score 6, EPSS 0.01084
Exploits: 0, References: 2
NVD
added 2017/11/13 9:29 a.m., 24 views

CVE-2017-16792

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

CVSS 6.1, AI score 5.9, EPSS 0.01084
Exploits: 0, References: 3
Cvelist
added 2017/11/13 9:0 a.m., 28 views

CVE-2017-16792

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

AI score 5.9, EPSS 0.01084
Exploits: 0, References: 3
CVE
added 2017/11/13 9:0 a.m., 77 views

CVE-2017-16792

Gem in a Box (geminabox) prior to version 0.13.10 is affected by a stored XSS vulnerability. An attacker can inject arbitrary script via the homepage field in a .gemspec, related to the views/gem.erb and views/index.erb templates. The CVE-2017-16792 entry is corroborated by multiple sources (incl...

CVSS 6.1, AI score 5.8, EPSS 0.01084
Exploits: 0, References: 3, Affected Software: 1