114 matches found
SUSE: Security Advisory (SUSE-SU-2022:4013-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:4010-1 Security update for apache2-mod_wsgi
This update for apache2-modwsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. bsc1201634...
CVE-2022-2255 affecting package mod_wsgi for versions less than 4.9.3-2
CVE-2022-2255 affecting package modwsgi for versions less than 4.9.3-2. An upgraded version of the package is available that resolves this issue...
Debian: Security Advisory (DLA-3111-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3111 : libapache2-mod-wsgi - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3111 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3111-1] mod-wsgi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...
CVE-2022-2255
creationtimestamp| type| source ---|---|--- 2022-08-25 22:24:07+00:00| seen| https://t.me/cibsecurity/48796 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/...
CVE-2022-2255
CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Mageia: Security Advisory (MGASA-2022-0289)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : mod-wsgi vulnerability (USN-5551-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5551-1 advisory. It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote...
Ubuntu: Security Advisory (USN-5551-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-2255
Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite component: Authoring. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts...
CVE-2021-2255
Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite component: Authoring. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts...
CVE-2021-2255
CVE-2021-2255 is a vulnerability in Oracle E-Business Suite, specifically the Oracle Service Contracts Authoring component. Affected versions are 12.1.1–12.1.3; an unauthenticated, low-privileged attacker with network access via HTTP can compromise Oracle Service Contracts, leading to unauthorize...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11.318 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 package security update
An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2020-2255
CVE-2020-2255: Jenkins Blue Ocean Plugin 1.23.2 and earlier has a missing permission check in HTTP endpoints used for connection tests. This allows attackers with Overall/Read permission to connect to an attacker-specified URL from the vulnerable instance. The issue is documented across multiple ...