CenturyLink Customer Data Exposed

CenturyLink Customer Data Exposed
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database CVE-2019-16919PUBLISHED: 2019-10-18

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper pr...

CVE-2019-17513PUBLISHED: 2019-10-18

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.