18 matches found
OPENSUSE-SU-2026:10427-1 jupyter-matplotlib-0.11.7-17.1 on GA media
These are all security issues fixed in the jupyter-matplotlib-0.11.7-17.1 package on the GA media of openSUSE Tumbleweed...
PT-2021-14693 · Jenkins · Jenkins S3 Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.6 and earlier Description: The issue allows attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled, due to a lack...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
PT-2020-16990 · Hashicorp +1 · Nomad +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.7 Description: The client Docker file sandbox feature in HashiCorp Nomad and Nomad Enterprise may be subverted when not explicitly disabled or when using a volume mount type. Th...
HTTP response splitting in uvicorn
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP...
CVE-2020-7695
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers...
Design/Logic Flaw
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers...
PT-2020-19718 · None · Uvicorn
Name of the Vulnerable Software and Affected Versions: Uvicorn versions prior to 0.11.7 Description: The issue allows attackers to exploit HTTP response splitting by adding arbitrary headers to HTTP responses or returning an arbitrary response body when crafted input is used to construct HTTP...
Boostnote Cross-Site Scripting Vulnerability
Boostnote is an application for writing code snippets. The program supports writing JavaScript, Python, HTML and CSS in several languages and has an autosave feature. A cross-site scripting vulnerability exists in Boostnote version 0.11.7. A remote attacker can exploit this vulnerability to injec...
PYSEC-2014-77
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
Fedora 11 : trac-0.11.7-1.fc11 (2010-4287)
Update to upstream version 0.11.7, fixing one security flaw and multiple bugs. Refer to upstream changelog for further details: http://trac.edgewall.org/wiki/ChangeLoga0.11.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisor...
Trac Ticket Validation Security Bypass Vulnerability
Trac is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
Trac Ticket Validation Security Bypass Vulnerability
Trac is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Versions prior to Trac 0.11.7 are vulnerable. OpenVAS Vulnerability Test $Id: gbtrac39040.nasl 5390 2017-02-21 18:39:27Z mime $ Trac Ticket...
[SECURITY] Fedora 11 Update: trac-0.11.7-1.fc11
Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...
Mandrake Security Advisory MDVSA-2009:123 (opensc)
The remote host is missing an update to opensc announced via advisory MDVSA-2009:123. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
OpenSC Security Bypass Vulnerability
This host is installed with OpenSC and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbopenscsecbypassvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ OpenSC Security Bypass Vulnerability Authors: Sharath S Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
OpenSC 0.11.x - PKCS#11 Implementation Unauthorized Access
source: https://www.securityfocus.com/bid/33922/info OpenSC is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to private data, which may lead to other attacks. Versions prior to OpenSC 0.11.7 are vulnerable. The following proof of conce...