Lucene search
K

10 matches found

CVE
CVE
added 2019/11/22 10:56 p.m.315 views

CVE-2019-11291

CVE-2019-11291 affects Pivotal RabbitMQ: 3.7.x before 3.7.20, 3.8.x before 3.8.1, and RabbitMQ for PCF (1.16.x before 1.16.7, 1.17.x before 1.17.4). The underlying issue is improper sanitization of input in the federation and shovel endpoints, enabling a remote authenticated attacker with adminis...

4.8CVSS4AI score0.00796EPSS
CVE
CVE
added 2019/12/20 11:0 p.m.313 views

CVE-2019-16786

Waitress (Python WSGI server) before version 1.4.0 exposed an HTTP request-smuggling vulnerability related to Transfer-Encoding. If a request’s Transfer-Encoding header was not finalised as chunked, Waitress could ignore the header and fall back to Content-Length, potentially allowing HTTP pipeli...

7.5CVSS7AI score0.02545EPSS
CVE
CVE
added 2019/11/22 11:26 p.m.308 views

CVE-2019-11287

CVE-2019-11287 affects Pivotal RabbitMQ and RabbitMQ for Pivotal Platform web management plugin. Versions 3.7.x before 3.7.21, 3.8.x before 3.8.1, and 1.16.x before 1.16.7 and 1.17.x before 1.17.4 are vulnerable. The vulnerability allows a crafted X-Reason HTTP header to inject a malicious Erlang...

7.5CVSS5.6AI score0.04519EPSS
CVE
CVE
added 2019/12/20 11:0 p.m.297 views

CVE-2019-16785

Summary: The vulnerability CVE-2019-16785 affects Waitress (Python WSGI server) up to v1.3.1. It relates to RFC7230’s line-termination rule: Waitress may treat messages inconsistently when a proxy uses LF vs CRLF, enabling HTTP request smuggling/splitting. Impact is the front-end and back-end par...

7.5CVSS7.1AI score0.02714EPSS
CVE
CVE
added 2020/06/26 12:0 a.m.289 views

CVE-2020-10753

CVE-2020-10753 affects Red Hat Ceph Storage RadosGW (Ceph Object Gateway). A newline in a CORS ExposeHeader tag in the CORS configuration can inject HTTP headers into responses, enabling header injection during CORS requests. The issue is reported for Ceph RGW in versions 3.x and 4.x (with relate...

6.5CVSS6.5AI score0.01627EPSS
CVE
CVE
added 2019/12/26 4:40 p.m.259 views

CVE-2019-16789

Affected software: Waitress (Python WSGI server) up to version 1.4.0. Vulnerability arises when a front-end proxy sends requests with Transfer-Encoding containing invalid whitespace characters; Waitress may parse such requests as chunked while the front-end uses Content-Length, enabling HTTP requ...

8.2CVSS6.8AI score0.02587EPSS
CVE
CVE
added 2019/10/16 3:23 p.m.250 views

CVE-2019-11281

CVE-2019-11281 affects Pivotal RabbitMQ and RabbitMQ for PCF where two UI components (virtual host limits page and federation management UI) fail to sanitize user input. A remote authenticated administrator could craft a cross-site scripting attack to access virtual hosts and policy management in...

4.8CVSS4.9AI score0.01165EPSS
CVE
CVE
added 2020/01/02 2:15 p.m.232 views

CVE-2019-14859

CVE-2019-14859 affects the Python library python-ecdsa. A flaw exists in all versions before 0.13.3 where signatures are not properly verified for DER encoding, allowing a malformed signature to be accepted and making signatures malleable. This could enable an attacker to use a malleable signatur...

9.1CVSS8.8AI score0.01596EPSS
CVE
CVE
added 2020/05/11 12:0 a.m.212 views

CVE-2020-10685

CVE-2020-10685 affects Ansible Engine versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, and Ansible Tower up to 3.6.3, when using vault-decrypting modules (assemble, script, unarchive, win_copy, aws_s3, copy). A temporary directory is created in /tmp and left unencrypted; on ...

5.5CVSS5.8AI score0.00376EPSS
CVE
CVE
added 2020/04/13 12:4 p.m.211 views

CVE-2020-1759

CVE-2020-1759 affects Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where the secure mode of the messenger v2 protocol (msgr2) allows nonce reuse. This enables forging authentication tags and can lead to confidentiality and integrity problems in sessions when a nonce is reus...

6.8CVSS6.5AI score0.01373EPSS