1138 matches found
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
Design/Logic Flaw
An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
CVE-2019-6158
The CVE-2019-6158 case affects Lenovo XClarity Administrator (LXCA). Concrete details in the connected sources show that HTTP proxy credentials were written to a log file in clear text, impacting LXCA versions 2.0.0 to 2.3.x when proxy credentials are configured. The practical impact is informati...
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
XClarity Administrator (LXCA) Service Data May Include Proxy Credentials - US
Lenovo Security Advisory: LEN-26141 Potential Impact: Information disclosure Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6158 Summary Description: An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written ...
CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
Design/Logic Flaw
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
CVE-2019-11070
WebKitGTK/WebKitGTK4 (webkitgtk4) is affected by CVE-2019-11070. The issue arises from WebKitGTK and WPE WebKit prior to 2.24.1 failing to apply configured HTTP proxy settings when downloading livestream video (HLS/DASH/Smooth Streaming), leading to potential deanonymization. Remediation in the c...
CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
CVE-2019-11070
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...
Security update for obs-service-tar_scm (important)
openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0329-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Backports SLE-15 An update tha...
Security update for obs-service-tar_scm (important)
openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0326-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Leap 15.0 An update that solve...
GHSA-9XW9-PVGV-6P76 Insufficient Error Handling in http-proxy
Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash. Recommendation Update to version 0.7.0 or later...
Insufficient Error Handling in http-proxy
Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash. Recommendation Update to version 0.7.0 or later...
Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability
Exploit for java platform in category web applications Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Vendor Homepage: http://www.wavemaker.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...
Security Bulletin: A vulnerability in cURL libcURL affects IBM Tivoli Composite Application Manager for Transactions (CVE-2014-8150)
Summary There is a vulnerability in cURL libcURL that is used by IBM Tivoli Composite Application Manager for Transactions. This was disclosed on January 8, 2015 by the cURL libcURL Project. Vulnerability Details CVE-ID: CVE-2014-8150 DESCRIPTION: libcURL is vulnerable to CRLF injection, caused b...