Lucene search
K

270 matches found

Github Security Blog
Github Security Blog
added 2021/04/30 5:32 p.m.56 views

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS5.4AI score0.02406EPSS
Exploits0References7Affected Software1
Oracle linux
Oracle linux
added 2021/04/07 12:0 a.m.246 views

kernel security and bug fix update

3.10.0-1160.24.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...

7.8CVSS0.7AI score0.02079EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2021/03/03 12:0 a.m.45 views

CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS6.9AI score0.02281EPSS
Exploits0References3
OSV
OSV
added 2021/01/12 9:15 a.m.2 views

UBUNTU-CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS7.2AI score0.01789EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/12/22 10:50 a.m.87 views

Important: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

9CVSS6.7AI score0.05539EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2020/12/22 9:25 a.m.71 views

Important: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

9CVSS6.9AI score0.05539EPSS
Exploits0References31
RedHat Linux
RedHat Linux
added 2020/12/15 5:27 p.m.80 views

Important: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9CVSS6.7AI score0.05539EPSS
Exploits0References20
OSV
OSV
added 2020/12/15 4:3 p.m.35 views

RLSA-2020:5500 Important: mariadb:10.3 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.27, galera 25.3.31. BZ1899082, BZ1899086 Security Fixes: mariadb: Insufficient SST method name check leading to cod...

9CVSS7.6AI score0.05539EPSS
Exploits0References20
Veracode
Veracode
added 2020/12/15 3:24 a.m.34 views

Incorrect Preservation Of Namespace Prefixes

encoding/xml in github.com/golang/go is performing incorrect preservation of namespace prefixes. An attacker is able to provide malicious inputs to cause conflicts in the way of preserving the namespace prefixes on XML elements during tokenization round-trips...

9.8CVSS2.8AI score0.01942EPSS
Exploits0References3Affected Software2
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.11 views

Google Go encoding security vulnerability

Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of attribute namespace prefixes during tokenizatio...

9.8CVSS6.9AI score0.02081EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/12/14 12:0 a.m.3 views

PT-2020-17182 · Go +1 · Encoding/Xml Package +1

Name of the Vulnerable Software and Affected Versions: encoding/xml package in Go all versions Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of element namespace prefixes during tokenization round-trips. This allows an attacker to craft...

9.8CVSS7AI score0.01942EPSS
Exploits0References16
OPENSUSE Linux
OPENSUSE Linux
added 2020/08/17 12:0 a.m.53 views

Security update for postgresql, postgresql96, postgresql10, postgresql12 (moderate)

openSUSE Security Update: Security update for postgresql, postgresql96, postgresql10, postgresql12 Announcement ID: openSUSE-SU-2020:1228-1 Rating: moderate References: 1148643 1171924 1175193 1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: openSUSE Leap 15.2 An update...

7.3CVSS7.1AI score0.02235EPSS
Exploits0References4
OSV
OSV
added 2020/07/06 3:8 p.m.3 views

SUSE-SU-2020:1858-1 Security update for permissions

This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues bsc1171883...

7.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/29 12:0 a.m.247 views

openSUSE Security Update : gcc9 (openSUSE-2020-716)

This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team on : https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgccs1, libstdc++6 and others are now built by the gcc 9 packages. ...

7.5CVSS6.4AI score0.03207EPSS
Exploits1References15
OpenVAS
OpenVAS
added 2020/05/27 12:0 a.m.40 views

openSUSE: Security Advisory for gcc9 (openSUSE-SU-2020:0716-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7AI score0.03207EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.5 views

Conflicting files in Internet Explorer favorites when Work Folders is installed in Windows 8.1

Conflicting files in Internet Explorer favorites when Work Folders is installed in Windows 8.1 This article describes a Work Folders issue in Windows 8.1. You can fix this issue by using the update in this article. Before you install this update, see the Prerequisites section. Symptoms User's...

6.5AI score
Exploits0
Oracle linux
Oracle linux
added 2020/04/06 12:0 a.m.93 views

ImageMagick security, bug fix, and enhancement update

autotrace 0.31.1-38 - Resolves: 1765205 rebuild against new IM emacs 1:24.3-23 - Resolves: 1765208 rebuild against new IM ImageMagick 6.9.10.68-3 - Fixing freeze when svg file contains class='' 6.9.10.68-2 - Fixed ghostscript fonts, fixed multilib conflicts 6.9.10.68-1 - Rebase to 6.9.10.68...

9.8CVSS1.8AI score0.05916EPSS
Exploits52
Tenable Nessus
Tenable Nessus
added 2020/03/31 12:0 a.m.27 views

F5 Networks BIG-IP : BIG-IP APM Portal Access vulnerability (K73183618)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.2 / 14.1.2.5 / 15.0.1.3 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K73183618 advisory. InBIG-IP APM Portal Access, HTTP pages that are served by back-end serve...

5.4CVSS5.7AI score0.00521EPSS
Exploits0References2
Prion
Prion
added 2020/03/11 8:15 p.m.19 views

Design/Logic Flaw

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5CVSS7AI score0.02406EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/03/11 7:5 p.m.10 views

CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.1AI score0.02406EPSS
Exploits0References4
Rows per page
Query Builder