15 matches found
1851-unfilmed.org.uk Cross Site Scripting vulnerability OBB-3478506
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
K22356857: APT remote code injection vulnerability CVE-2019-3462
Security Advisory Description Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. CVE-2019-3462 Impact There is no impact; F5...
CVE-2019-3462
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine...
Command injection
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
theemcoe.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1135400 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2019-3462
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine...
CVE-2019-3462
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine...
CVE-2019-3462
CVE-2019-3462 affects apt 1.4.8 and earlier due to incorrect sanitation of the 302 redirect field in the HTTP transport, enabling content injection by a MITM attacker and potentially leading to remote code execution. Public docs confirm the flaw is in apt’s redirect handling and that exploitation...
Advanced Package Tool Remote Code Execution (CVE-2019-3462)
A remote code execution vulnerability exists in Advanced Package Tool. The vulnerability is due to lack of sanitation on Location headers in HTTP responses. Successful exploitation could result in installation and execution of altered packages...
USN-3863-1: APT vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack,...
CVE-2019-3462
| creationtimestamp | type | source |
|---|---|---|
| 2019-01-22 17:40:03+00:00 | seen | https://t.me/canyoupwnme/5039 |
| 2019-01-23 08:41:50+00:00 | seen | https://t.me/thehackernews/178 |
| 2019-01-23 11:22:52+00:00 | seen | https://t.me/SecLabNews/4085 |
| 2019-01-31 10:11:02+00:00 | published-proof-of-concept | ... |
Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
Just in time… Some cybersecurity experts this week have been arguing over Twitter in favor of not using HTTPS and suggesting that software developers rely only on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details ...
[SECURITY] [DLA 1637-1] apt security update
Package: apt Version: 1.0.9.8.5 CVE ID: CVE-2019-3462 Debian Bug: Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be...
CVE-2019-3462
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine...
Debian: Security Advisory (DLA-1637-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...