199 matches found
EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2548)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-2512)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2020-24553 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker...
Medium: golang
Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Issue Correction: Run yum update golang or yum update --advisory ALAS-2020-1445 to update your...
Updated golang packages fix a security vulnerability
A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...
Medium: golang
Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
CVE-2012-6687 affecting package fcgi 2.4.0-7
CVE-2012-6687 affecting package fcgi 2.4.0-7. A patched version of the package is available...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
Type confusion
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
CVE-2020-24553 affects Go before 1.14.8 and 1.15.x before 1.15.1. If the Content-Type header is not set, net/http/cgi and net/http/fcgi default to text/html for CGI/FCGI handlers, enabling cross‑site scripting via crafted responses. Exploitation is described as a remote attacker being able to run...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
FreeBSD : go -- net/http/cgi, net/http/fcgi: XSS (XSS) when Content-Type is not specified (67b050ae-ec82-11ea-9071-10c37b4ac2ea)
The Go project reports : When a Handler does not explicitly set the Content-Type header, both CGI implementations default to 'text/html'. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly...
go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
The Go project reports: When a Handler does not explicitly set the Content-Type header, both CGI implementations default to “text/html”. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly return...
CVE-2019-19229
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 HM 1.12.1 allows action=download&filename= Directory Traversal...
Fedora 29 : php (2018-08ceba4f8f)
PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...
Fedora 28 : php (2018-6855bf9ff3)
PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...