AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2022:1764)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1764 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass...

AlmaLinux 8 : python3 (ALSA-2022:1986)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1986 advisory. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...

RHEL 8 : python3 (RHSA-2022:1986)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1986 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RHEL 8 : python27:2.7 (RHSA-2022:1821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1821 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...

RHEL 8 : python38:3.8 and python38-devel:3.8 (RHSA-2022:1764)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1764 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

ALSA-2022:1986 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2022:1821 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

python38:3.8 and python38-devel:3.8 security update

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, modwsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe,...

PT-2022-4628 · Microsoft +5 · Visual Studio +9

Name of the Vulnerable Software and Affected Versions: .NET Core versions 3.1 through 3.1.24 .NET 5.0 versions 5.0 through 5.0.16 .NET 6.0 versions 6.0 through 6.0.4 Description: The issue is related to incorrect cleanup or release of resources in Microsoft Visual Studio and the .NET Framework,...

CentOS 8 : python27:2.7 (CESA-2022:1821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1821 advisory. - python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 - python: urllib: HTTP client possible infinite loop on a 100 Contin...

CentOS 8 : python3 (CESA-2022:1986)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1986 advisory. - python: urllib: HTTP client possible infinite loop on a 100 Continue response CVE-2021-3737 - python: ftplib should not use the host from the PASV...

NewStart CGSL MAIN 6.02 : python3 Multiple Vulnerabilities (NS-SA-2022-0049)

The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTT...

VMware Workspace ONE Access Template Injection / Command Execution Exploit

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user. This module requires Metasploit: https://metasploit.com/download Current source:...