387 matches found

RedHat Linux
added 2020/08/03 7:25 a.m. (68 views)

Low: Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

5.5 CVSS, 6.7 AI score, 0.00053 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2020/06/04 12:0 a.m. (38 views)

Amazon Linux AMI : python-twisted-web (ALAS-2020-1372)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1372 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set ...

9.8 CVSS, 8 AI score, 0.02324 EPSS
Exploits: 1, References: 3

Amazon
added 2020/06/03 12:0 a.m. (52 views)

Important: python-twisted-web

Issue Overview: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined...

9.8 CVSS, 8.8 AI score, 0.02324 EPSS
Exploits: 1

Tenable Nessus
added 2020/05/21 12:0 a.m. (49 views)

Amazon Linux 2 : python-twisted-web (ALAS-2020-1428)

The version of python-twisted-web installed on the remote host is prior to 12.1.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1428 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a...

9.8 CVSS, 8.1 AI score, 0.02327 EPSS
Exploits: 2, References: 5

Amazon
added 2020/05/20 12:0 a.m. (42 views)

Important: python-twisted-web

Issue Overview: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. CVE-2020-10109 In...

9.8 CVSS, 8.8 AI score, 0.02327 EPSS
Exploits: 2

Github Security Blog
added 2020/03/31 3:42 p.m. (63 views)

Improper Input Validation in Twisted

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

9.8 CVSS, 8.9 AI score, 0.02324 EPSS
Exploits: 1, References: 16, Affected Software: 1

OSV
added 2020/03/31 3:40 p.m. (28 views)

GHSA-P5XH-VX83-MXCJ HTTP Request Smuggling in Twisted

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...

9.8 CVSS, 9.4 AI score, 0.02327 EPSS
Exploits: 1, References: 16

Ubuntu
added 2020/03/30 12:0 p.m. (83 views)

USN-4308-2: Twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

9.8 CVSS, 7.1 AI score, 0.02327 EPSS
Exploits: 3

OSV
added 2020/03/30 12:0 p.m. (1 view)

USN-4308-2 twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

9.8 CVSS, 6.9 AI score, 0.02327 EPSS
Exploits: 3, References: 5

IBM Security Bulletins
added 2020/03/23 8:41 p.m. (24 views)

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11

Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js version 8 for which multiple vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of...

7.5 CVSS, 0.9 AI score, 0.05572 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2020/03/23 12:0 a.m. (58 views)

GLSA-202003-48 : Node.js: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-48 Node.js: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly write arbitrary files,...

9.8 CVSS, 6.8 AI score, 0.32252 EPSS
Exploits: 2, References: 16

Tenable Nessus
added 2020/03/20 12:0 a.m. (49 views)

Ubuntu 16.04 LTS / 18.04 LTS : Twisted vulnerabilities (USN-4308-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4308-1 advisory. It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to...

9.8 CVSS, 7.5 AI score, 0.50822 EPSS
Exploits: 4, References: 8

OSV
added 2020/03/19 5:18 p.m. (1 view)

USN-4308-1 twisted vulnerabilities

It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. CVE-2019-12387 It was discovered that Twisted incorrectly verified XMPP TLS...

9.8 CVSS, 7 AI score, 0.50822 EPSS
Exploits: 4, References: 8

Ubuntu
added 2020/03/19 5:18 p.m. (212 views)

USN-4308-1: Twisted vulnerabilities

It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. CVE-2019-12387 It was discovered that Twisted incorrectly verified XMPP TLS...

9.8 CVSS, 7.4 AI score, 0.50822 EPSS
Exploits: 4

OpenVAS
added 2020/03/18 12:0 a.m. (33 views)

Debian: Security Advisory (DLA-2145-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.8 AI score, 0.02327 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2020/03/18 12:0 a.m. (35 views)

Debian DLA-2145-2 : twisted security update

It was discovered that there was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request splitting vulnerabilities in Twisted, a Python event-based framework for building various type...

9.8 CVSS, 8 AI score, 0.02327 EPSS
Exploits: 2, References: 2

Veracode
added 2020/03/16 6:28 a.m. (36 views)

HTTP Request Splitting

twisted is vulnerable to HTTP request splitting. The vulnerability exists as requests with both Content-Length and Transfer-Encoding headers would have honored the first header. This vulnerability is similar to CVE-2020-10108...

9.8 CVSS, 0.5 AI score, 0.02327 EPSS
Exploits: 2, References: 13, Affected Software: 2

ALT Linux
added 2020/03/16 12:0 a.m. (45 views)

Security fix for the ALT Linux 9 package squid version 4.10-alt1

4.10-alt1 built March 16, 2020 Alexey Shabalin in task 247850 --- March 14, 2020 Alexey Shabalin - Updated to 4.10. - Fixes: + CVE-2019-12526 Heap Overflow issue in URN processing. + CVE-2019-12523 Multiple issues in URI processing. + CVE-2019-18676 Multiple issues in URI processing. +...

7.5 CVSS, 0.6 AI score, 0.46309 EPSS
Exploits: 0

Tenable Nessus
added 2020/03/13 12:0 a.m. (44 views)

SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)

This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...

9.8 CVSS, 7.6 AI score, 0.46309 EPSS
Exploits: 0, References: 29

OSV
added 2020/03/12 4:1 p.m. (11 views)

SUSE-SU-2020:0661-1 Security update for squid

This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in...

9.8 CVSS, 8.2 AI score, 0.46309 EPSS
Exploits: 0, References: 19