11645 matches found

Fedora
added 2019/08/08 12:55 a.m. | 47 views

[SECURITY] Fedora 30 Update: php-7.3.8-1.fc30

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 7.1 | AI score 0.4 | EPSS 0.0442
Exploits: 1

Node.js
added 2019/08/07 7:51 p.m. | 25 views

Cross-Site Scripting

Overview All versions of min-http-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available...

CVSS 3.5 | AI score 4.1 | EPSS 0.00709
Exploits: 1 | Affected Software: 1

Amazon
added 2019/08/07 12:0 a.m. | 39 views

Low: mod_http2

Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...

CVSS 5.3 | AI score 6.8 | EPSS 0.193
Exploits: 0

NVD
added 2019/08/06 2:15 p.m. | 16 views

CVE-2016-10796

cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files SEC-130...

CVSS 3.3 | AI score 4.1 | EPSS 0.00387
Exploits: 0 | References: 1

Prion
added 2019/08/06 2:15 p.m. | 15 views

Design/Logic Flaw

cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files SEC-130...

CVSS 2.1 | AI score 7.1 | EPSS 0.00387
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2019/08/06 1:51 p.m. | 4 views

httpd: mod_auth_digest: access control bypass due to race condition

A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5 | AI score 7.1 | EPSS 0.17666
Exploits: 0 | References: 6

RedHat Linux
added 2019/08/06 1:51 p.m. | 5 views

httpd: URL normalization inconsistency

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...

CVSS 5.3 | AI score 6.6 | EPSS 0.1786
Exploits: 0 | References: 6

RedHat Linux
added 2019/08/06 1:27 p.m. | 34 views

Moderate: Red Hat Security Advisory: mercurial security update

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8 | AI score 6.7 | EPSS 0.02687
Exploits: 0 | References: 5

NVD
added 2019/08/06 1:15 p.m. | 10 views

CVE-2016-10786

cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...

CVSS 6.5 | AI score 6.4 | EPSS 0.00875
Exploits: 0 | References: 1

Prion
added 2019/08/06 1:15 p.m. | 11 views

Design/Logic Flaw

cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...

CVSS 4 | AI score 6.9 | EPSS 0.00875
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/06 12:56 p.m. | 10 views

CVE-2016-10786

cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...

AI score 6.4 | EPSS 0.00875
Exploits: 0 | References: 1

NVD
added 2019/08/02 4:15 p.m. | 11 views

CVE-2017-18424

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt SEC-274...

CVSS 3.3 | AI score 4 | EPSS 0.00362
Exploits: 0 | References: 1

NVD
added 2019/08/02 4:15 p.m. | 20 views

CVE-2017-18429

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination SEC-291...

CVSS 3.3 | AI score 4.1 | EPSS 0.00318
Exploits: 0 | References: 1

OSV
added 2019/08/02 4:15 p.m. | 4 views

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...

CVSS 2.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

Prion
added 2019/08/02 4:15 p.m. | 19 views

Code injection

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...

CVSS 1.9 | AI score 4.2 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/02 3:54 p.m. | 21 views

CVE-2017-18429

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination SEC-291...

AI score 4.1 | EPSS 0.00318
Exploits: 0 | References: 1

CVE
added 2019/08/02 3:54 p.m. | 51 views

CVE-2017-18429

CVE-2017-18429 affects cPanel before 66.0.2. The issue is that Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). Several connected sources corroborate the same description, without detailing root cause, exploited vectors, or remediation steps in the pr...

CVSS 3.3 | AI score 4.3 | EPSS 0.00318
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/02 3:47 p.m. | 19 views

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...

AI score 3.9 | EPSS 0.00294
Exploits: 0 | References: 1

CVE
added 2019/08/02 3:47 p.m. | 58 views

CVE-2017-18428

CVE-2017-18428 affects cPanel prior to 66.0.2. During log processing, Apache HTTP Server domlogs become temporarily world-readable, exposing potentially sensitive log information. This is caused by the log handling behavior described in SEC-290. The vulnerability is a local issue with information...

CVSS 2.5 | AI score 4.2 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/02 3:42 p.m. | 16 views

CVE-2017-18424

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt SEC-274...

AI score 4 | EPSS 0.00362
Exploits: 0 | References: 1