EulerOS 2.0 SP3 : python (EulerOS-SA-2021-1114)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP.CVE-2020-27619 -...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 1.7.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a unauthenticated command execution...

Shodan Host Port

This module uses the shodan API to return all port information found on a given host IP. Module Options msf use auxiliary/gather/shodanhost msf auxiliaryshodanhost show actions ...actions... msf auxiliaryshodanhost set ACTION msf auxiliaryshodanhost show options ...show and set options... msf...

Pulse Secure VPN Remote Code Execution Exploit

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation...

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

Disabled Hostname Verification in Opencast

Opencast before version 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVE-2020-26234

Opencast versions before 8.9 and 7.9 disable HTTPS hostname verification in its HTTP client, enabling potential MITM attacks. Root cause: hostname verification was disabled for a large portion of HTTP requests. Affected component/file: Opencast HTTP client. Impact: confidentiality/integrity conce...

DEBIAN-CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

EulerOS 2.0 SP2 : python (EulerOS-SA-2020-2388)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

GHSA-8HXH-R6F7-JF45 Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

DEBIAN-CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

Crlf injection

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

D-Link Central WiFi Manager CWM(100) RCE

This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...

UBUNTU-CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

UBUNTU-CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...