
11645 matches found

PyPA
added 2019/09/10 5:15 p.m. | 6 views

PYSEC-2019-126

DISPUTED In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. T...

CVSS 8.2 | AI score 6.9 | EPSS 0.02283
Exploits 0 | References 3 | Affected Software 1
OSV
added 2019/09/10 5:15 p.m. | 22 views

PYSEC-2019-126

DISPUTED In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. T...

CVSS 8.2 | AI score 2.4 | EPSS 0.02283
Exploits 0 | References 3
Gentoo Linux
added 2019/09/06 12:0 a.m. | 142 views

Apache: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

CVSS 9.1 | AI score 2 | EPSS 0.81466
Exploits 6
IBM Security Bulletins
added 2019/09/05 4:18 a.m. | 67 views

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before...

CVSS 7.5 | AI score 0.9 | EPSS 0.19994
Exploits 0 | Affected Software 1
Cent OS
added 2019/08/30 3:38 a.m. | 107 views

emacs, mercurial security update

CentOS Errata and Security Advisory CESA-2019:2276 An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

CVSS 9.8 | AI score 6.7 | EPSS 0.02687
Exploits 0 | References 7
Tenable Nessus
added 2019/08/30 12:0 a.m. | 43 views

CentOS 7 : mercurial (CESA-2019:2276)

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8 | AI score 7.2 | EPSS 0.02687
Exploits 0 | References 4
Tenable Nessus
added 2019/08/30 12:0 a.m. | 73 views

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-4113-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4113-1 advisory. Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some...

CVSS 9.1 | AI score 7.3 | EPSS 0.81466
Exploits 6 | References 8
Ubuntu
added 2019/08/29 10:31 p.m. | 205 views

USN-4113-1: Apache HTTP Server vulnerabilities

Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service daemon crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04...

CVSS 9.1 | AI score 6.8 | EPSS 0.81466
Exploits 6
NVD
added 2019/08/29 12:15 p.m. | 20 views

CVE-2019-15782

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...

CVSS 6.1 | AI score 6 | EPSS 0.01471
Exploits 0 | References 3
OSV
added 2019/08/29 12:15 p.m. | 71 views

CVE-2019-15782

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...

CVSS 6.1 | AI score 6
Exploits 0 | References 3
Prion
added 2019/08/29 12:15 p.m. | 18 views

Cross site scripting

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...

CVSS 4.3 | AI score 5.9 | EPSS 0.01471
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2019/08/29 11:7 a.m. | 25 views

CVE-2019-15782

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...

AI score 5.9 | EPSS 0.01471
Exploits 0 | References 3
OpenVAS
added 2019/08/29 12:0 a.m. | 105 views

Debian: Security Advisory (DLA-1900-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 7.5 | EPSS 0.81466
Exploits 5 | References 3
Debian
added 2019/08/28 10:39 p.m. | 146 views

[SECURITY] [DLA 1900-1] apache2 security update

Package : apache2 Version : 2.4.10-10+deb8u15 CVE ID : CVE-2019-10092 CVE-2019-10098 Two security vulnerabilities were found in the Apache HTTP server. CVE-2019-10092 Matei "Mal" Badanoiu reported a limited cross-site scripting vulnerability in the modproxy error page. CVE-2019-10098 Yukitsugu...

CVSS 6.1 | AI score 8.2 | EPSS 0.81466
Exploits 5
Tenable Nessus
added 2019/08/27 12:0 a.m. | 24 views

Scientific Linux Security Update : mercurial on SL7.x x86_64 (20190806)

Security Fixes : - mercurial: Buffer underflow in mpatch.c:mpatchapply CVE-2018-13347 - mercurial: HTTP server permissions bypass CVE-2018-1000132 - mercurial: Missing check for fragment start position in mpatch.c:mpatchapply CVE-2018-13346 C Tenable Network Security, Inc. The descriptive text is...

CVSS 9.8 | AI score 7.2 | EPSS 0.02687
Exploits 0 | References 4
Tenable Nessus
added 2019/08/27 12:0 a.m. | 30 views

EulerOS 2.0 SP8 : exiv2 (EulerOS-SA-2019-1830)

According to the versions of the exiv2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service...

CVSS 6.5 | AI score 6.6 | EPSS 0.02127
Exploits 3 | References 4
Tenable Nessus
added 2019/08/27 12:0 a.m. | 49 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-1835)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request...

CVSS 7.5 | AI score 7 | EPSS 0.19404
Exploits 0 | References 3
Packet Storm
added 2019/08/26 12:0 a.m. | 195 views

openITCOCKPIT 3.6.1-2 Cross Site Request Forgery

Exploit Title: openITCOCKPIT 3.6.1-2 - CSRF 2 RCE Google Dork: N/A Date: 26-08-2019 Exploit Author: Julian Rittweger Vendor Homepage: https://openitcockpit.io/ Software Link: https://github.com/it-novum/openITCOCKPIT/releases/tag/openITCOCKPIT-3.6.1-2 Fixed in: 3.7.1 |...

AI score 0.3 | EPSS 0.01229
Exploits 2
Exploit DB
added 2019/08/26 12:0 a.m. | 337 views

openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery

Exploit Title: openITCOCKPIT 3.6.1-2 - CSRF 2 RCE Google Dork: N/A Date: 26-08-2019 Exploit Author: Julian Rittweger Vendor Homepage: https://openitcockpit.io/ Software Link: https://github.com/it-novum/openITCOCKPIT/releases/tag/openITCOCKPIT-3.6.1-2 Fixed in: 3.7.1 |...

AI score 7.4
Exploits 0
Debian
added 2019/08/24 2:44 p.m. | 198 views

[SECURITY] [DSA 4508-1] h2o security update

Debian Security Advisory DSA-4508-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 24, 2019 https://www.debian.org/security/faq -...

CVSS 7.8 | AI score 9 | EPSS 0.87806
Exploits 1