CVE-2019-12387
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...
Security update for libtasn1 (moderate)
openSUSE Security Update: Security update for libtasn1 Announcement ID: openSUSE-SU-2019:1510-1 Rating: moderate References: 1040621 1105435 Cross-References: CVE-2017-6891 CVE-2018-1000654 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Descriptio...
Recommended update for GraphicsMagick (moderate)
openSUSE Security Update: Recommended update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1507-1 Rating: moderate References: 1136183 Affected Products: openSUSE Backports SLE-15 An update that contains security fixes can now be installed. Description: This update for GraphicsMagick fixes...
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
50k Servers Infected with Cryptomining Malware in Nansh0u Campaign
Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to be orchestrated by Chinese-language adversaries. Researchers with Guardicore Labs, who disclosed the campaign Wednesday, said that the Nansh0u campaign, named after a text file...
Security update for sqlite3 (moderate)
openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2019:1426-1 Rating: moderate References: 1085790 1132045 Cross-References: CVE-2017-10989 CVE-2018-8740 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...
Security update for qemu (important)
openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:1420-1 Rating: important References: 1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: openSUSE Leap 42.3 An update that fixes four vulnerabilities is now...
CVE-2019-10913
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...
Sql injection
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...
CVE-2019-10913
CVE-2019-10913 affects the Symfony PHP framework's HTTP Foundation. Versions vulnerable include Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7. The issue: HTTP methods provided as verbs or via the X-Http-Method-Override header may be treat...
Fedora 29 : php-pecl-imagick (2019-5dc1f4100e)
Version 3.4.4 - The 3.4.4 release is intended to be the last release other than small bug fixes that will support either PHP 5.x, or ImageMagick 6.x. The next planned release will be PHP 7.0 and ImageMagick 7.0 at least, if not higher. - Added: - function Imagick::optimizeImageTransparency -...
Security update for ucode-intel (important)
openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2019:1402-1 Rating: important References: 1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: openSUSE Leap 15.0 An update that fixes four vulnerabilities is...
Bots Tampering with TLS to Avoid Detection
Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are...
Microarchitectural Data Sampling speculative side channel
ISSUE DESCRIPTION Microarchitectural Data Sampling refers to a group of speculative side-channel vulnerabilities. They consist of: CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling CVE-2018-12130 - MFBDS -...
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...