13 matches found
PYSEC-2024-18
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
whoogle-search Code Issue Vulnerability
whoogle-search is a software application. Self-hosted, ad-free, privacy-respecting meta-search engine A code issue vulnerability exists in versions prior to whoogle-search 0.8.4 that stems from a window endpoint that does not clean up user-supplied input from the location variable and passes it t...
RHEL 8 : libssh (RHSA-2020:4545)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4545 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages ha...
RLSA-2020:4545 Moderate: libssh security, bug fix, and enhancement update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.4. BZ1804797 Security Fixes: libssh: denial of service when handling AES-CTR or DES ciphers...
Moderate: libssh security, bug fix, and enhancement update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.4. BZ1804797 Security Fixes: libssh: denial of service when handling AES-CTR or DES ciphers...
FreeBSD : libssh -- Unsanitized location in scp could lead to unwanted command execution (1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f)
The libssh team reports : In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in additon. When the libssh SCP client connects to a server, the scp command, which includes a...
OPENSUSE-SU-2020:0102-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095. This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2020:0130-1)
This update for libssh fixes the following issues : CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempte...
SUSE SLES12 Security Update : libssh (SUSE-SU-2020:0131-1)
This update for libssh fixes the following issues : CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempte...
SUSE-SU-2020:0131-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095...
SUSE-SU-2020:0130-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095...
libssh -- Unsanitized location in scp could lead to unwanted command execution
The libssh team reports: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in additon. When the libssh SCP client connects to a server, the scp command, which includes a...
WebCalendar -- Persistent XSS
tom reports, There is no sanitation on the input of the location variable allowing for persistent XSS...