CVE-2016-1000111
CVE-2016-1000111 affects Twisted before 16.3.1, where the Proxy header can initialize HTTP_PROXY for CGI scripts, enabling potential redirection of outbound traffic to an attacker-controlled proxy (httpoxy). Connected advisories (e.g., Red Hat RHSA-2018:0273, SUSE SUSE-SU-2017:0114-1, Ubuntu USN-...
CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...
DEBIAN-CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...
Design/Logic Flaw
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...
UBUNTU-CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...
CVE-2019-10111
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page...
Lazygit - Simple Terminal UI For Git Commands
A simple terminal UI for git commands, written in Go with the gocui library. Are YOU tired of typing every git command directly into the terminal, but you're too stubborn to use Sourcetree because you'll never forgive Atlassian for making Jira? This is the app for you! Installation Homebrew brew...
Facebook Boots Hundreds of Iran-Linked Accounts For Spreading Misinformation
Facebook has booted hundreds of Iran-linked pages, groups and accounts from its social media platform that it claimed were promoting misinformation. According to Facebook, it removed 783 pages, groups and accounts that engaged in “coordinated inauthentic behavior” that were misleading users about...
Fedora 29 : 32:bind (2018-a54e46032f)
Update to bind-9.11.4-P2 - Add /dev/urandom to chroot 1631515 - Fix multilib conflicts of devel package - Add support for OpenSSL provided random data Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora 28 : 32:bind (2018-f22b937f52)
Update to bind-9.11.4-P2 - Add /dev/urandom to chroot 1631515 - Fix multilib conflicts of devel package - Add support for OpenSSL provided random data Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2017:0855-1)
This update for nodejs4 fixes the following issues : - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 - build:...
openstack-neutron: A router interface out of subnet IP range results in a denial of service
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
Security fix for the ALT Linux 8 package postgresql11-1C version 10.6-alt0.M80P.1
Nov. 8, 2018 Alexei Takaseev 10.6-alt0.M80P.1 - Backport to P8 - 10.6 - Fix CVE-2018-16850 - Add conflicts to PG 11...
The US National Cyber Strategy
Last month, the White House released the "National Cyber Strategy of the United States of America." I generally don't have much to say about these sorts of documents. They're filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and dat...
February 9, 2016 — KB3135173 (OS Build 10586.104)
February 9, 2016 — KB3135173 OS Build 10586.104 This update includes quality improvements and security fixes. No new operating system features are being introduced this month. Key changes in this update include: Fixed issues with authentication, update installation, and operating system...
Security update for curl (moderate)
This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file to avoid crashes due to openssl engines...
UBUNTU-CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
SUSE-SU-2018:2068-1 Security update for java-1_8_0-ibm
IBM Java was updated to version 8.0.5.15 bsc1093311, bsc1085449 Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM UrbanCode Build (CVE-2014-0227)
Summary Apache Tomcat is vulnerable to HTTP request smuggling. Apache Tomcat is used by IBM UrbanCode Build. Vulnerability Details CVE-ID: CVE-2014-0227 Description: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed...