113 matches found
Astra Linux - уязвимость в mod-wsgi
A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...
EUVD-2017-3754
Malware in sbrugna...
EUVD-2022-0159
Malicious code in bioql PyPI...
TencentOS Server 3: python39:3.9 (TSSA-2025:0340)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0340 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
mod_wsgi: Trusted Proxy Headers Removing Bypass
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
ROS-20240827-01
A vulnerability in the modwsgi module of the Apache web server is related to errors in X-Client-IP header processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to network services. access to network services...
BIT-MOD_WSGI-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
Amazon Linux 2 : mod_wsgi (ALASHTTPD_MODULES-2023-001)
It is, therefore, affected by a vulnerability as referenced in the ALAS2HTTPDMODULES-2023-001 advisory. A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI...
K16118: libXfont vulnerabilities CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211
Security Advisory Description CVE-2014-0209 Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the...
SUSE CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...
EulerOS 2.0 SP8 : mod-wsgi (EulerOS-SA-2023-1328)
According to the versions of the mod-wsgi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pa...
Debian dla-3111 : libapache2-mod-wsgi - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3111 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3111-1] mod-wsgi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...
GHSA-7527-8855-9CF8 Incorrect header handling in mod-wsgi
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Incorrect header handling in mod-wsgi
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...