Lucene search
+L

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 9:24 p.m.183 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 for python man-in-the-middle and security bypass vulnerabilities( CVE-2021-3572,CVE-2021-28363,)

Summary Potential urllib3 for python man-in-the-middle and security bypass vulnerabilities CVE-2021-28363, CVE-2021-3572 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-28363...

6.5CVSS6.6AI score0.02109EPSS
Exploits2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-28363

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates for...

6.5CVSS8AI score0.02109EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/04 12:0 a.m.43 views

Amazon Linux 2 : python-pip (ALAS-2021-1667)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1667 advisory. The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given...

6.5CVSS7.5AI score0.02109EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.25 views

Slackware: Security Advisory (SSA:2022-077-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.02109EPSS
Exploits0References3
Slackware Linux
Slackware Linux
added 2022/03/18 8:17 p.m.47 views

[slackware-security] python3

New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.11-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libexpat upgraded from 2.4.1 to 2.4.7 bundl...

6.5CVSS0.3AI score0.02109EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/18 5:28 p.m.161 views

Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363

Summary The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificat...

7.5CVSS7.1AI score0.03273EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.41 views

Slackware Linux 15.0 / current python3 Vulnerability (SSA:2022-077-01)

The version of python3 installed on the remote host is prior to 3.9.11. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-077-01 advisory. - The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxie...

6.5CVSS7.5AI score0.02109EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.28 views

Mageia: Security Advisory (MGASA-2021-0371)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.03273EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/01/24 12:0 a.m.35 views

GLSA-202107-36 : urllib3: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202107-36 urllib3: Multiple vulnerabilities Multiple vulnerabilities have been discovered in urllib3. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a possible Denial of Service...

7.5CVSS7.2AI score0.03273EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 12:35 a.m.33 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python urllib3

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python urllib3. Vulnerability Details CVEID: CVE-2021-28363 DESCRIPTION: urllib3 for python is vulnerable to a man-in-the-middle attack, caused by improper certificate validation in some cases involving HTTPS...

6.5CVSS1.1AI score0.02109EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2021/06/23 12:0 a.m.92 views

Medium: python-pip

Issue Overview: A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates...

6.5CVSS7.2AI score0.02109EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2021/03/19 7:42 p.m.6 views

170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +10388 more potentially affected by CVE-2021-28363 via urllib3 (>=1.26.0 <=1.26.3)

urllib3 PYPI version =1.26.0, =0.3.0, =0.0.1a0, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =1.0.28, =0.6.0, =0.1.10, =16.0.0, =0.0.3, =1.0.0, =1.1.6 and more Source cves: CVE-2021-28363 Source advisory: OSV:GHSA-5PHF-PP7P-VC2R...

6.5CVSS6.7AI score0.02109EPSS
Exploits0
CVE
CVE
added 2021/03/15 12:0 a.m.214 views

CVE-2021-28363

CVE-2021-28363 affects urllib3 for Python: versions 1.26.x before 1.26.4 omit SSL certificate validation when connecting HTTPS to HTTPS proxies, potentially enabling MITM via proxy hostname mismatch. Impact is partial confidentiality. Remediation: upgrade urllib3 to 1.26.4 or later (patched versi...

6.5CVSS6.4AI score0.02109EPSS
Exploits0References9Affected Software1
AlpineLinux
AlpineLinux
added 2021/03/15 12:0 a.m.39 views

CVE-2021-28363

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates for...

6.5CVSS6.7AI score0.02109EPSS
Exploits0
Rows per page
Query Builder