
270 matches found

CVE
added 2020/03/11 7:5 p.m., 161 views

CVE-2016-1000111

CVE-2016-1000111 affects Twisted before 16.3.1, where the Proxy header can initialize HTTP_PROXY for CGI scripts, enabling potential redirection of outbound traffic to an attacker-controlled proxy (httpoxy). Connected advisories (e.g., Red Hat RHSA-2018:0273, SUSE SUSE-SU-2017:0114-1, Ubuntu USN-...

5.3 CVSS, 5 AI score, 0.02406 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2019/12/10 3:15 p.m., 33 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1 CVSS, 6.2 AI score, 0.011 EPSS
Exploits 0, References 4

OSV
added 2019/12/10 3:15 p.m., 3 views

DEBIAN-CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1 CVSS, 6.5 AI score, 0.011 EPSS
Exploits 0, References 1

OSV
added 2019/12/10 3:15 p.m., 25 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1 CVSS, 6.9 AI score, 0.011 EPSS
Exploits 0, References 4

Prion
added 2019/12/10 3:15 p.m., 15 views

Design/Logic Flaw

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

5.8 CVSS, 7.2 AI score, 0.011 EPSS
Exploits 0, References 4, Affected Software 2

OSV
added 2019/12/10 3:15 p.m., 3 views

UBUNTU-CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1 CVSS, 6.5 AI score, 0.011 EPSS
Exploits 0, References 3

OSV
added 2019/05/15 8:29 p.m., 2 views

CVE-2019-10111

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page...

5.4 CVSS, 6.3 AI score
Exploits 0, References 3

Kitploit
added 2019/02/14 1:33 p.m., 237 views

Lazygit - Simple Terminal UI For Git Commands

A simple terminal UI for git commands, written in Go with the gocui library. Are YOU tired of typing every git command directly into the terminal, but you're too stubborn to use Sourcetree because you'll never forgive Atlassian for making Jira? This is the app for you! Installation Homebrew brew...

7.3 AI score
Exploits 0, References 4

ThreatPost
added 2019/01/31 10:9 p.m., 113 views

Facebook Boots Hundreds of Iran-Linked Accounts For Spreading Misinformation

Facebook has booted hundreds of Iran-linked pages, groups and accounts from its social media platform that it claimed were promoting misinformation. According to Facebook, it removed 783 pages, groups and accounts that engaged in “coordinated inauthentic behavior” that were misleading users about...

1.5 AI score
Exploits 0, References 8

Tenable Nessus
added 2019/01/03 12:0 a.m., 32 views

Fedora 29 : 32:bind (2018-a54e46032f)

Update to bind-9.11.4-P2 - Add /dev/urandom to chroot 1631515 - Fix multilib conflicts of devel package - Add support for OpenSSL provided random data Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

6.5 CVSS, 6.8 AI score, 0.03451 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/01/03 12:0 a.m., 29 views

Fedora 28 : 32:bind (2018-f22b937f52)

Update to bind-9.11.4-P2 - Add /dev/urandom to chroot 1631515 - Fix multilib conflicts of devel package - Add support for OpenSSL provided random data Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

6.5 CVSS, 6.8 AI score, 0.03451 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/01/02 12:0 a.m., 55 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2017:0855-1)

This update for nodejs4 fixes the following issues : - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 - build:...

7.5 CVSS, 8 AI score, 0.57595 EPSS
Exploits 1, References 11

RedHat Linux
added 2018/12/05 6:51 p.m., 4 views

openstack-neutron: A router interface out of subnet IP range results in a denial of service

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

6.5 CVSS, 5.8 AI score, 0.02527 EPSS
Exploits 0, References 4

ALT Linux
added 2018/11/08 12:0 a.m., 20 views

Security fix for the ALT Linux 8 package postgresql11-1C version 10.6-alt0.M80P.1

Nov. 8, 2018 Alexei Takaseev 10.6-alt0.M80P.1 - Backport to P8 - 10.6 - Fix CVE-2018-16850 - Add conflicts to PG 11...

7.5 CVSS, 9.4 AI score, 0.0515 EPSS
Exploits 0

Schneier on Security
added 2018/10/09 11:1 a.m., 33 views

The US National Cyber Strategy

Last month, the White House released the "National Cyber Strategy of the United States of America." I generally don't have much to say about these sorts of documents. They're filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and dat...

1.3 AI score
Exploits 0

Microsoft KB
added 2018/09/27 12:0 a.m., 5 views

February 9, 2016 — KB3135173 (OS Build 10586.104)

February 9, 2016 — KB3135173 OS Build 10586.104 This update includes quality improvements and security fixes. No new operating system features are being introduced this month. Key changes in this update include: Fixed issues with authentication, update installation, and operating system...

8 AI score
Exploits 0

OPENSUSE Linux
added 2018/09/15 3:12 p.m., 75 views

Security update for curl (moderate)

This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file to avoid crashes due to openssl engines...

1.9 AI score, 0.10823 EPSS
Exploits 0, References 2

OSV
added 2018/09/10 7:29 p.m., 5 views

UBUNTU-CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

6.5 CVSS, 5.8 AI score, 0.02527 EPSS
Exploits 0, References 2

OSV
added 2018/07/26 2:28 p.m., 10 views

SUSE-SU-2018:2068-1 Security update for java-1_8_0-ibm

IBM Java was updated to version 8.0.5.15 bsc1093311, bsc1085449 Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the...

8.3 CVSS, 6.5 AI score, 0.15141 EPSS
Exploits 0, References 16

IBM Security Bulletins
added 2018/06/17 10:32 p.m., 34 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM UrbanCode Build (CVE-2014-0227)

Summary Apache Tomcat is vulnerable to HTTP request smuggling. Apache Tomcat is used by IBM UrbanCode Build. Vulnerability Details CVE-ID: CVE-2014-0227 Description: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed...

6.4 CVSS, 0.9 AI score, 0.21045 EPSS
Exploits 0, Affected Software 1