Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Cloud Foundry - Python (CVE-2019-9947, CVE-2019-9948)
Summary Security Vulnerabilities affect IBM Cloud Private Cloud Foundry - Python CVE-2019-9947, CVE-2019-9948 Vulnerability Details CVEID: CVE-2019-9948 DESCRIPTION: urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of servic...
USN-4127-2 python2.7, python3.4 vulnerabilities
USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...
Analysis of a Firefox local-file-stealing vulnerability left unfixed for 17 years - vulnerability warning - the black bar safety net
Recently, security researcher Barak Tawily conducted research into attacks on the Same Origin Policy and found that, because Firefox implements the same-origin policy improperly for file: scheme URIs, the Firefox browser is exposed to a local file theft attack. Attac...
Debian DLA-1834-1 : python2.7 security update
Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against...
Security update for python (important)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:1580-1 Rating: important References: 1129346 1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...
MGASA-2019-0165 Updated python packages fix security vulnerability
Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead CVE-2019-9948...
ALPINE-CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...
DEBIAN-CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...
PSF-2019-12 urllib module local_file:// scheme
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...
PT-2019-2028 · Python +8
Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16 Description: The issue is related to the urllib module in Python, which supports the local file: scheme. This makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. A...
DEBIAN-CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
cURL -- URL file scheme drive letter buffer overflow
cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...
UBUNTU-CVE-2016-5266
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop aka dataTransfer actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site...
OpenShift: downloadable cartridge source url file command execution as root
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...
CVE-2012-5624
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...
CVE-2012-5624
CVE-2012-5624 affects Qt 4.x where the XMLHttpRequest implementation could be redirected from http to the file: URL scheme, enabling a man‑in‑the‑middle attacker to trigger reads of local files in a QML application. The root cause is improper handling of redirects in XMLHttpRequest, allowing acce...
CVE-2012-5624
Removed by vendor...