Lucene search
+L

199 matches found

nessus
nessus
added 2020/12/15 12:0 a.m.59 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2548)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...

6.1CVSS6.9AI score0.03646EPSS
Exploits2References2
nessus
nessus
added 2020/12/14 12:0 a.m.65 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-2512)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...

6.1CVSS6.9AI score0.03646EPSS
Exploits2References2
ibm
ibm
added 2020/12/09 4:42 a.m.34 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2020-24553 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker...

6.1CVSS0.7AI score0.03646EPSS
Exploits2Affected Software1
amazon
amazon
added 2020/11/18 12:0 a.m.47 views

Medium: golang

Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Issue Correction: Run yum update golang or yum update --advisory ALAS-2020-1445 to update your...

6.1CVSS6.9AI score0.03646EPSS
Exploits2
mageia
mageia
added 2020/11/15 3:45 p.m.101 views

Updated golang packages fix a security vulnerability

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...

6.1CVSS6.2AI score0.03646EPSS
Exploits2References3
amazon
amazon
added 2020/11/11 12:0 a.m.40 views

Medium: golang

Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...

6.1CVSS6.9AI score0.03646EPSS
Exploits2
rocky
rocky
added 2020/11/03 12:31 p.m.19 views

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

1.8AI score
Exploits0
cbl_mariner
cbl_mariner
added 2020/09/09 6:9 a.m.22 views

CVE-2012-6687 affecting package fcgi 2.4.0-7

CVE-2012-6687 affecting package fcgi 2.4.0-7. A patched version of the package is available...

5CVSS7.5AI score0.06086EPSS
Exploits0
osv
osv
added 2020/09/02 5:15 p.m.28 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1CVSS5.9AI score
Exploits0References10
prion
prion
added 2020/09/02 5:15 p.m.22 views

Type confusion

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

4.3CVSS6AI score0.03646EPSS
Exploits2References10Affected Software4
ubuntucve
ubuntucve
added 2020/09/02 5:15 p.m.36 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1CVSS6.8AI score0.03646EPSS
Exploits2References6
cve
cve
added 2020/09/02 4:25 p.m.321 views

CVE-2020-24553

CVE-2020-24553 affects Go before 1.14.8 and 1.15.x before 1.15.1. If the Content-Type header is not set, net/http/cgi and net/http/fcgi default to text/html for CGI/FCGI handlers, enabling cross‑site scripting via crafted responses. Exploitation is described as a remote attacker being able to run...

6.1CVSS6AI score0.03646EPSS
Exploits2References10Affected Software1
cvelist
cvelist
added 2020/09/02 4:25 p.m.33 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.2AI score0.03646EPSS
Exploits2References10
debiancve
debiancve
added 2020/09/02 4:25 p.m.29 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1CVSS6.7AI score0.03646EPSS
Exploits2
alpinelinux
alpinelinux
added 2020/09/02 4:25 p.m.626 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1CVSS6.5AI score0.03646EPSS
Exploits2
nessus
nessus
added 2020/09/02 12:0 a.m.43 views

FreeBSD : go -- net/http/cgi, net/http/fcgi: XSS (XSS) when Content-Type is not specified (67b050ae-ec82-11ea-9071-10c37b4ac2ea)

The Go project reports : When a Handler does not explicitly set the Content-Type header, both CGI implementations default to 'text/html'. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly...

6.1CVSS6.9AI score0.03646EPSS
Exploits2References3
freebsd
freebsd
added 2020/08/20 12:0 a.m.30 views

go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified

The Go project reports: When a Handler does not explicitly set the Content-Type header, both CGI implementations default to “text/html”. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly return...

6.1CVSS1AI score0.03646EPSS
Exploits2References1
osv
osv
added 2019/12/04 7:15 p.m.3 views

CVE-2019-19229

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 HM 1.12.1 allows action=download&filename= Directory Traversal...

6.5CVSS6.9AI score0.02314EPSS
Exploits3References3
nessus
nessus
added 2019/01/03 12:0 a.m.12 views

Fedora 29 : php (2018-08ceba4f8f)

PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...

5.5AI score
Exploits0References1
nessus
nessus
added 2019/01/03 12:0 a.m.13 views

Fedora 28 : php (2018-6855bf9ff3)

PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...

5.5AI score
Exploits0References1
Rows per page
Query Builder