761 matches found
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
Amazon Linux AMI : exim (ALAS-2019-1277)
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. (CVE-2019-15846) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2019-1277. include('compat.inc'); ...
CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...
DEBIAN-CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...
Code injection
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...
UBUNTU-CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...
PT-2019-3248 · Exim +2
Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.92.2. Description: The issue is related to errors in object handling in memory, allowing a remote attacker to gain access to confidential data, disrupt its integrity, and cause a denial of service. It also allows remot...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2019:2118. An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
glibc: getaddrinfo should reject IP addresses with trailing characters
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...
DEBIAN-CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
Open Redirection
apostrophe is vulnerable to Open Redirection. This is because of a redirection when the URL contains trailing slashes. The attacker is thus able to craft a malicious URL to trick apostrophe into parsing the URL as the attacker's intended domain...
openSUSE Security Update : gitolite (openSUSE-2019-754)
This update for gitolite fixes the following issues : Gitolite was updated to 3.6.9 : - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains : -...
httpd: <FilesMatch> bypass with a trailing newline in the file name
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the...
The vulnerability of the django.middleware.common.CommonMiddleware module in the Django web framework for developing Python-based web applications allows an attacker to redirect users to malicious URIs.
The vulnerability of the django.middleware.common.CommonMiddleware module in the Django web framework for developing Python-based web applications is related to the improper handling of URL patterns that end with the symbol "/". This occurs when the options django.middleware.common.CommonMiddlewa...
UBUNTU-CVE-2016-10739
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...
Arbitrary File Writes And Directory Creation
System.IO.Compression.ZipFile is vulnerable to arbitrary file writes and directory creation. The vulnerability can be triggered because it does not properly validate the trailing separator for nested paths...