86 matches found

IBM Security Bulletins
added 2020/01/02 2:17 p.m. · 57 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Cloud Foundry - Python (CVE-2019-9947, CVE-2019-9948)

Summary Security Vulnerabilities affect IBM Cloud Private Cloud Foundry - Python CVE-2019-9947, CVE-2019-9948 Vulnerability Details CVEID: CVE-2019-9948 DESCRIPTION: urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...

CVSS 9.1 · AI score 0.4 · EPSS 0.11844
Exploits 3 · Affected software 1
Tenable Nessus
added 2019/10/15 12:00 a.m. · 260 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of servic...

CVSS 9.1 · AI score 6.6 · EPSS 0.20743
Exploits 4 · References 6
OSV
added 2019/09/10 1:08 p.m. · 10 views

USN-4127-2 python2.7, python3.4 vulnerabilities

USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...

CVSS 9.8 · AI score 6.8 · EPSS 0.20743
Exploits 6 · References 9
myhack58
added 2019/07/13 12:00 a.m. · 292 views

Analysis of a 17-year-old unfixed Firefox local file stealing vulnerability - vulnerability warning - the black bar safety net

Recently, security researcher Barak Tawily carried out research on Same Origin Policy attacks and found that, because Firefox improperly implements the same-origin policy for file: scheme URIs, the Firefox browser is exposed to local file theft attacks. Attac...

AI score 7
Exploits 0
Tenable Nessus
added 2019/06/25 12:00 a.m. · 49 views

Debian DLA-1834-1 : python2.7 security update

Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against...

CVSS 9.8 · AI score 7.2 · EPSS 0.20743
Exploits 4 · References 9
OPENSUSE Linux
added 2019/06/18 12:00 a.m. · 238 views

Security update for python (important)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:1580-1 Rating: important References: 1129346 1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...

CVSS 9.8 · AI score 8.6 · EPSS 0.11844
Exploits 1 · References 2
OSV
added 2019/05/12 9:35 a.m. · 10 views

MGASA-2019-0165 Updated python packages fix security vulnerability

Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead CVE-2019-9948...

CVSS 9.1 · AI score 9.6 · EPSS 0.11844
Exploits 1 · References 3
Mageia
added 2019/05/12 9:35 a.m. · 51 views

Updated python packages fix security vulnerability

Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead CVE-2019-9948...

CVSS 9.1 · AI score 1.3 · EPSS 0.11844
Exploits 1 · References 2
OSV
added 2019/03/23 6:29 p.m. · 3 views

ALPINE-CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...

CVSS 9.1 · AI score 6.9 · EPSS 0.11844
Exploits 1 · References 1
OSV
added 2019/03/23 6:29 p.m. · 3 views

DEBIAN-CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...

CVSS 9.1 · AI score 7.3 · EPSS 0.11844
Exploits 1 · References 1
OSV
added 2019/03/23 5:07 p.m. · 26 views

PSF-2019-12 urllib module local_file:// scheme

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('localfile:///etc/passwd') call...

CVSS 9.1 · AI score 8.7 · EPSS 0.11844
Exploits 1 · References 1
Positive Technologies
added 2019/03/23 12:00 a.m. · 11 views

PT-2019-2028 · Python +8

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16 Description: The issue is related to the urllib module in Python, which supports the local file: scheme. This makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. A...

CVSS 10 · AI score 6.4 · EPSS 0.73327
Exploits 72 · References 435
OSV
added 2018/06/19 5:29 a.m. · 1 view

DEBIAN-CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

CVSS 6.5 · AI score 6.9 · EPSS 0.00889
Exploits 0 · References 1
FreeBSD
added 2017/06/14 12:00 a.m. · 22 views

cURL -- URL file scheme drive letter buffer overflow

cURL security advisory: When libcurl is given either 1. a file: URL that doesn't use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcur...

CVSS 5.3 · AI score 1.6 · EPSS 0.03287
Exploits 0 · References 1
OSV
added 2016/08/03 12:00 a.m. · 1 view

UBUNTU-CVE-2016-5266

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop aka dataTransfer actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site...

CVSS 8.1 · AI score 7.3 · EPSS 0.0166
Exploits 0 · References 5
RedHat Linux
added 2014/05/21 3:55 p.m. · 5 views

OpenShift: downloadable cartridge source url file command execution as root

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...

CVSS 6.5 · AI score 6.1 · EPSS 0.01734
Exploits 1 · References 4
NVD
added 2013/02/24 7:55 p.m. · 21 views

CVE-2012-5624

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...

CVSS 4.3 · AI score 5.7 · EPSS 0.01939
Exploits 0 · References 10
Prion
added 2013/02/24 7:55 p.m. · 24 views

Design/Logic Flaw

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...

CVSS 4.3 · AI score 6.3 · EPSS 0.01939
Exploits 0 · References 10 · Affected software 2
CVE
added 2013/02/24 7:00 p.m. · 80 views

CVE-2012-5624

CVE-2012-5624 affects Qt 4.x where the XMLHttpRequest implementation could be redirected from http to the file: URL scheme, enabling a man‑in‑the‑middle attacker to trigger reads of local files in a QML application. The root cause is improper handling of redirects in XMLHttpRequest, allowing acce...

CVSS 4.3 · AI score 5.8 · EPSS 0.01939
Exploits 0 · References 10 · Affected software 2
Debian CVE
added 2013/02/24 7:00 p.m. · 28 views

CVE-2012-5624

Removed by vendor...

CVSS 4.3 · AI score 6.7 · EPSS 0.01939
Exploits 0