CVE-2019-13980

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads//originals remote code execution with nginx...

NGINX njs buffer overflow vulnerability (CNVD-2019-23077)

NGINX is the United States NGINX company a lightweight Web server/reverse proxy server and e-mail IMAP/POP3 proxy server. njs is one of the support for extending the functionality of NGINX scripting language components . A buffer overflow vulnerability exists in nxtvsprintf in the nxt/nxtsprintf....

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...

Heap overflow

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...

CVE-2019-13617

CVE-2019-13617 affects njs up to 0.3.3 used in NGINX. The vulnerability is a heap-based buffer over-read in nxt_vsprintf (nxt/nxt_sprintf.c) during error handling, demonstrated by an njs_regexp_literal path that triggers njs_parser_lexer_error and then njs_parser_scope_error. Impact described as ...

JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G

JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux...

Invenio-App vulnerable to host header injection attack

APPALLOWEDHOSTS not always preventing host header injection Impact A possible host header injection attack have been identified in Invenio-App. For an attack to be possible, all conditions below must be met: 1. Your webserver must have been configured to route all requests to your application. 2...

GHSA-94MF-XFG5-R247 Invenio-App vulnerable to host header injection attack

APPALLOWEDHOSTS not always preventing host header injection Impact A possible host header injection attack have been identified in Invenio-App. For an attack to be possible, all conditions below must be met: 1. Your webserver must have been configured to route all requests to your application. 2...

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...

Design/Logic Flaw

njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...

CVE-2019-13067

CVE-2019-13067 affects njs up to 0.3.3, used in NGINX. It is a buffer over-read in nxt_utf8_decode (nxt/nxt_utf8.c) occurring after the CVE-2019-12207 fix. CVSS: 2.0/3.0 vectors indicate HIGH/CRITICAL impact. Connected documents confirm the same root cause and describe remediation steps for IBM C...

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

Design/Logic Flaw

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

openSUSE Security Update : rmt-server (openSUSE-2019-1527)

This update for rmt-server to version 2.1.4 fixes the following issues : - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...