
179 matches found

OSV
added 2021/10/31 3:08 p.m., 4 views

OPENSUSE-SU-2021:1424-1 Security update for civetweb

This update for civetweb fixes the following issues: Version 1.15: boo1191938 / CVE-2020-27304: missing uploaded filepath validation in the default form-based file upload mechanism New configuration for URL decoding Sanitize filenames in handle form Example “embeddedc.c”: Do not overwrite files...

CVSS 9.8 · AI score 9.6 · EPSS 0.00995
Exploits 1 · References 3
OPENSUSE Linux
added 2021/10/31 12:00 a.m., 40 views

Security update for civetweb (moderate)

openSUSE Security Update: Security update for civetweb Announcement ID: openSUSE-SU-2021:1424-1 Rating: moderate References: 1191938 Cross-References: CVE-2020-27304 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for civetwe...

CVSS 9.8 · AI score 7 · EPSS 0.00995
Exploits 1 · References 1
Prion
added 2021/04/26 10:15 p.m., 18 views

Path traversal

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

CVSS 5 · AI score 5.6 · EPSS 0.00277
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2021/04/26 12:00 a.m., 3 views

PT-2021-18238 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc affected versions not specified Description: The issue is related to an improper input validation in HedgeDoc, allowing an attacker to perform a relative path traversal and read arbitrary .md files from the server's filesystem. This...

CVSS 5.8 · AI score 5.4 · EPSS 0.00277
Exploits 1 · References 4
Ubuntu
added 2021/03/15 10:47 p.m., 75 views

USN-4860-1: Monit vulnerabilities

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to...

CVSS 8.1 · AI score 7.2 · EPSS 0.02035
Exploits 2
Tenable Nessus
added 2021/02/01 12:00 a.m., 241 views

CentOS 8 : libreoffice (CESA-2020:1598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1598 advisory. - libreoffice: Remote resources protection module not applied to bullet graphics CVE-2019-9849 - libreoffice: Insufficient URL validation allowing...

CVSS 9.8 · AI score 7.7 · EPSS 0.85077
Exploits 6 · References 7
RedhatCVE
added 2020/10/06 9:20 p.m., 57 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

CVSS 5 · AI score 1.3 · EPSS 0.26088
Exploits 2 · References 3
OSV
added 2020/10/02 3:15 p.m., 0 views

UBUNTU-CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

CVSS 5.3 · AI score 6.7 · EPSS 0.26088
Exploits 2 · References 8
EUVD
added 2020/10/02 2:14 p.m., 1 view

EUVD-2020-28204

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

CVSS 7.5 · AI score 6.5 · EPSS 0.26088
Exploits 2 · References 22
OpenVAS
added 2020/09/02 12:00 a.m., 24 views

Ubuntu: Security Advisory (USN-4446-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8.8 · EPSS 0.06184
Exploits 0 · References 3
Tenable Nessus
added 2020/08/04 12:00 a.m., 47 views

Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-4446-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4446-1 advisory. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform...

CVSS 9.8 · AI score 6.8 · EPSS 0.06184
Exploits 0 · References 5
OSV
added 2020/08/03 1:25 p.m., 1 view

USN-4446-1 squid3 vulnerabilities

Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...

CVSS 9.8 · AI score 6.8 · EPSS 0.06184
Exploits 0 · References 5
OSV
added 2020/07/01 12:00 a.m., 12 views

OSV-2020-373 UNKNOWN READ in url_decode

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14501 Crash type: UNKNOWN READ Crash state: urldecode parsekeyvalues fuzzparsehttprequest...

AI score 7.2
Exploits 0 · References 1
NVD
added 2020/04/15 7:15 p.m., 21 views

CVE-2019-12524

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is...

CVSS 9.8 · AI score 9.4 · EPSS 0.00549
Exploits 0 · References 5
Tenable Nessus
added 2020/04/01 12:00 a.m., 47 views

RHEL 7 : libreoffice (RHSA-2020:1151)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1151 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

CVSS 9.8 · AI score 8 · EPSS 0.85077
Exploits 6 · References 20
RedhatCVE
added 2020/02/03 9:23 a.m., 27 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

CVSS 7.8 · AI score 4.1 · EPSS 0.00292
Exploits 1 · References 4
OSV
added 2019/09/27 4:15 p.m., 23 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

CVSS 7.8 · AI score 9.4 · EPSS 0.00292
Exploits 1 · References 17
NVD
added 2019/09/27 4:15 p.m., 12 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

CVSS 7.8 · AI score 8.7 · EPSS 0.00292
Exploits 1 · References 17
Prion
added 2019/09/27 4:15 p.m., 16 views

Design/Logic Flaw

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

CVSS 6.8 · AI score 7.6 · EPSS 0.00292
Exploits 1 · References 17 · Affected Software 1
UbuntuCve
added 2019/09/27 4:15 p.m., 33 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

CVSS 7.8 · AI score 7.1 · EPSS 0.00292
Exploits 1 · References 4