559 matches found

OSV
added 2020/12/30 8:15 p.m., 3 views

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5.3 CVSS, 5.2 AI score
Exploits: 0, References: 1

UbuntuCve
added 2020/12/30 8:15 p.m., 44 views

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5.3 CVSS, 6.8 AI score, 0.01179 EPSS
Exploits: 0, References: 3

Prion
added 2020/12/30 8:15 p.m., 26 views

Design/Logic Flaw

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5 CVSS, 5.1 AI score, 0.02709 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2020/12/30 8:15 p.m., 5 views

UBUNTU-CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5.3 CVSS, 6.8 AI score, 0.01179 EPSS
Exploits: 0, References: 4

Debian CVE
added 2020/12/30 7:33 p.m., 34 views

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5.3 CVSS, 5.6 AI score, 0.01179 EPSS
Exploits: 0

CVE
added 2020/12/30 7:33 p.m., 286 views

CVE-2019-12953

The CVE-2019-12953 entry concerns Dropbear SSH prior to patched releases (2011.54–2018.76) and describes an information-disclosure via an inconsistent failure delay that may reveal valid usernames, a separate issue from CVE-2018-15599. Connected sources confirm affected software is Dropbear and i...

5.3 CVSS, 5 AI score, 0.01179 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2020/12/08 8:15 p.m., 13 views

Design/Logic Flaw

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing...

4.3 CVSS, 4.9 AI score, 0.01163 EPSS
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2020/12/08 7:29 p.m., 28 views

CVE-2020-9987

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing...

5.3 AI score, 0.00823 EPSS
Exploits: 0, References: 1

OSV
added 2020/11/19 7:15 p.m., 1 views

UBUNTU-CVE-2020-28948

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

7.8 CVSS, 7.1 AI score, 0.47493 EPSS
Exploits: 2, References: 5

Tenable Nessus
added 2020/11/06 12:0 a.m., 49 views

EulerOS Virtualization 3.0.6.6 : bind (EulerOS-SA-2020-2444)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker...

8.6 CVSS, 6.8 AI score, 0.93422 EPSS
Exploits: 6, References: 3

OSV
added 2020/10/27 8:15 p.m., 3 views

CVE-2018-4390

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...

5.5 CVSS, 8.2 AI score, 0.00855 EPSS
Exploits: 0, References: 3

OSV
added 2020/10/27 8:15 p.m., 2 views

CVE-2018-4391

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...

5.5 CVSS, 5.5 AI score, 0.00855 EPSS
Exploits: 0, References: 3

NVD
added 2020/10/15 10:15 a.m., 23 views

CVE-2020-7326

Improperly implemented security check in McAfee Active Response MAR prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed...

6.7 CVSS, 0.00367 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2020/10/05 12:0 a.m., 29 views

Debian DLA-2391-1 : ruby2.3 security update

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick bundled along with ruby2.3 was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to...

7.5 CVSS, 7 AI score, 0.03772 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2020/09/28 12:0 a.m., 43 views

EulerOS 2.0 SP3 : bind (EulerOS-SA-2020-2063)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker...

8.6 CVSS, 6.8 AI score, 0.93422 EPSS
Exploits: 6, References: 4

NVD
added 2020/09/16 6:15 p.m., 17 views

CVE-2020-14348

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating...

4.3 CVSS, 0.00808 EPSS
Exploits: 0, References: 1

Prion
added 2020/09/16 6:15 p.m., 11 views

Design/Logic Flaw

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating...

4 CVSS, 4.8 AI score, 0.00808 EPSS
Exploits: 0, References: 1, Affected Software: 1

BDU FSTEC
added 2020/09/03 12:0 a.m., 1 views

The vulnerability of the Squid proxy server, related to the inconsistent interpretation of HTTP requests, allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability of the Squid proxy server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks...

6.5 CVSS, 6.5 AI score, 0.02526 EPSS
Exploits: 0, References: 11, Affected Software: 3

BDU FSTEC
added 2020/09/03 12:0 a.m., 5 views

The vulnerability of the ngx_http_lua_subrequest.c component in the OpenResty web server allows an attacker to compromise data integrity.

The vulnerability of the ngx_http_lua_subrequest.c component in the OpenResty web server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...

7.8 CVSS, 7.2 AI score, 0.02599 EPSS
Exploits: 0, References: 6, Affected Software: 3

BDU FSTEC
added 2020/08/19 12:0 a.m., 2 views

The vulnerability of the Transfer-Encoding and Content-Length headers in reverse proxy and proxy redirection mechanisms of the Apache Traffic Server allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Transfer-Encoding and Content-Length headers in reverse proxy and proxy redirection mechanisms of the Apache Traffic Server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow an attacker to gain access to confidential data,...

10 CVSS, 7.7 AI score, 0.02667 EPSS
Exploits: 0, References: 4, Affected Software: 2