6 matches found
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
Drupal Core Remote Code Execution Vulnerability
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
UBUNTU-CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
Cloudera Manager Configuration Download Vulnerability
Cloudera Manager is prone to an information disclosure vulnerability where an unauthenticated attacker may download module configurations. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Cloudera Manager Unauthenticated configuration download
Cloudera Manager allows module configurations to be downloaded without authentication by iterating on the module index integer, starting from 1, through the following GET request: http://:7180/cmf/services//client-config This finding may not constitute a vulnerability by itself as: This behaviour can be...