10 matches found
CVE-2019-11291
CVE-2019-11291 affects Pivotal RabbitMQ: 3.7.x before 3.7.20, 3.8.x before 3.8.1, and RabbitMQ for PCF (1.16.x before 1.16.7, 1.17.x before 1.17.4). The underlying issue is improper sanitization of input in the federation and shovel endpoints, enabling a remote authenticated attacker with adminis...
CVE-2019-11287
CVE-2019-11287 affects Pivotal RabbitMQ and RabbitMQ for Pivotal Platform web management plugin. Versions 3.7.x before 3.7.21, 3.8.x before 3.8.1, and 1.16.x before 1.16.7 and 1.17.x before 1.17.4 are vulnerable. The vulnerability allows a crafted X-Reason HTTP header to inject a malicious Erlang...
CVE-2019-16786
Waitress (Python WSGI server) before version 1.4.0 exposed an HTTP request-smuggling vulnerability related to Transfer-Encoding. If a request’s Transfer-Encoding header was not finalised as chunked, Waitress could ignore the header and fall back to Content-Length, potentially allowing HTTP pipeli...
CVE-2019-16785
Summary: The vulnerability CVE-2019-16785 affects Waitress (Python WSGI server) up to v1.3.1. It relates to RFC7230’s line-termination rule: Waitress may treat messages inconsistently when a proxy uses LF vs CRLF, enabling HTTP request smuggling/splitting. Impact is the front-end and back-end par...
CVE-2020-10753
CVE-2020-10753 affects Red Hat Ceph Storage RadosGW (Ceph Object Gateway). A newline in a CORS ExposeHeader tag in the CORS configuration can inject HTTP headers into responses, enabling header injection during CORS requests. The issue is reported for Ceph RGW in versions 3.x and 4.x (with relate...
CVE-2019-11281
CVE-2019-11281 affects Pivotal RabbitMQ and RabbitMQ for PCF where two UI components (virtual host limits page and federation management UI) fail to sanitize user input. A remote authenticated administrator could craft a cross-site scripting attack to access virtual hosts and policy management in...
CVE-2019-16789
Affected software: Waitress (Python WSGI server) up to version 1.4.0. Vulnerability arises when a front-end proxy sends requests with Transfer-Encoding containing invalid whitespace characters; Waitress may parse such requests as chunked while the front-end uses Content-Length, enabling HTTP requ...
CVE-2019-14859
CVE-2019-14859 affects the Python library python-ecdsa. A flaw exists in all versions before 0.13.3 where signatures are not properly verified for DER encoding, allowing a malformed signature to be accepted and making signatures malleable. This could enable an attacker to use a malleable signatur...
CVE-2020-1759
CVE-2020-1759 affects Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where the secure mode of the messenger v2 protocol (msgr2) allows nonce reuse. This enables forging authentication tags and can lead to confidentiality and integrity problems in sessions when a nonce is reus...
CVE-2020-10685
CVE-2020-10685 affects Ansible Engine versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, and Ansible Tower up to 3.6.3, when using vault-decrypting modules (assemble, script, unarchive, win_copy, aws_s3, copy). A temporary directory is created in /tmp and left unencrypted; on ...