CVE-2020-35769: Always use IPv6 if a v6 address was given https://github.com/webmin/w… · webmin/webmin@1163f3a

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.


@@ -2603,8 +2603,9 @@ sub handle_request

if ($on_windows) {

Run the CGI program, and feed it input

chdir($ENV{"PWD"});

local $qqueryargs = join(" ", map { “\"$_\"” }

split(/\s+/, $queryargs));

local $qqueryargs = join(" ",

map { s/([<>|&"^])/^$1/g; “\"$_\"” }

split(/\s+/, $queryargs));

if ($first =~ /(perl|perl.exe)$/i) {

On Windows, run with Perl

open(CGIOUTr, “$perl_path \"$full\” $qqueryargs <$infile |");
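
Review bot: The character class in the added `map` block, `s/([<>|&"^])/^$1/g`, omits `%`, so a query argument containing `%NAME%` still reaches cmd.exe unescaped and can be expanded as an environment variable; consider rejecting or stripping arguments that contain it. The carets are also inserted before each argument is wrapped in `\"...\"`, and cmd.exe treats `^` as a literal character inside a double-quoted string, so an embedded `"` would still end the quoted region and the inserted carets would be passed through to the CGI program as data. It is worth adding a test for arguments that contain `"` and deciding whether to reject that character rather than caret-escape it. The `open(CGIOUTr, ...)` line at the end of the hunk interpolates `$full` and `$infile` into the same command string without going through this escaping. A short comment above the `map` saying which shell the escaping targets would help the next reader.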
