Vulnerability & Exploit Database

Debian: CVE-2018-8040: trafficserver -- security update Vulnerability

  • Severity: 4
  • Published: August 29, 2018

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 o...

Debian: CVE-2018-8005: trafficserver -- security update Vulnerability

  • Severity: 4
  • Published: August 29, 2018

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x us...

Debian: CVE-2018-8004: trafficserver -- security update Vulnerability

  • Severity: 4
  • Published: August 29, 2018

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions....

Debian: CVE-2018-1318: trafficserver -- security update Vulnerability

  • Severity: 4
  • Published: August 29, 2018

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Alpine Linux: CVE-2018-5740: bind A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named Vulnerability

  • Severity: 4
  • Published: August 29, 2018

deny-answer-aliases is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name....

Alpine Linux: CVE-2018-16058: wireshark Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 29, 2018

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.