270 matches found
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
kernel security and bug fix update
3.10.0-1160.24.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...
CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
UBUNTU-CVE-2020-35654
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...
Important: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
Important: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2020:5500 Important: mariadb:10.3 security, bug fix, and enhancement update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.27, galera 25.3.31. BZ1899082, BZ1899086 Security Fixes: mariadb: Insufficient SST method name check leading to cod...
Incorrect Preservation Of Namespace Prefixes
encoding/xml in github.com/golang/go is performing incorrect preservation of namespace prefixes. An attacker is able to provide malicious inputs to cause conflicts in the way of preserving the namespace prefixes on XML elements during tokenization round-trips...
Google Go encoding security vulnerability
Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of attribute namespace prefixes during tokenizatio...
PT-2020-17182 · Go +1 · Encoding/Xml Package +1
Name of the Vulnerable Software and Affected Versions: encoding/xml package in Go all versions Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of element namespace prefixes during tokenization round-trips. This allows an attacker to craft...
Security update for postgresql, postgresql96, postgresql10, postgresql12 (moderate)
openSUSE Security Update: Security update for postgresql, postgresql96, postgresql10, postgresql12 Announcement ID: openSUSE-SU-2020:1228-1 Rating: moderate References: 1148643 1171924 1175193 1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: openSUSE Leap 15.2 An update...
SUSE-SU-2020:1858-1 Security update for permissions
This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues bsc1171883...
openSUSE Security Update : gcc9 (openSUSE-2020-716)
This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team on : https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgccs1, libstdc++6 and others are now built by the gcc 9 packages. ...
openSUSE: Security Advisory for gcc9 (openSUSE-SU-2020:0716-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Conflicting files in Internet Explorer favorites when Work Folders is installed in Windows 8.1
Conflicting files in Internet Explorer favorites when Work Folders is installed in Windows 8.1 This article describes a Work Folders issue in Windows 8.1. You can fix this issue by using the update in this article. Before you install this update, see the Prerequisites section. Symptoms User's...
ImageMagick security, bug fix, and enhancement update
autotrace 0.31.1-38 - Resolves: 1765205 rebuild against new IM emacs 1:24.3-23 - Resolves: 1765208 rebuild against new IM ImageMagick 6.9.10.68-3 - Fixing freeze when svg file contains class='' 6.9.10.68-2 - Fixed ghostscript fonts, fixed multilib conflicts 6.9.10.68-1 - Rebase to 6.9.10.68...
F5 Networks BIG-IP : BIG-IP APM Portal Access vulnerability (K73183618)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.2 / 14.1.2.5 / 15.0.1.3 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K73183618 advisory. InBIG-IP APM Portal Access, HTTP pages that are served by back-end serve...
Design/Logic Flaw
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...