
1624 matches found

RedHat Linux
added 2023/11/07 8:52 a.m. | 2 views

golang: net/http: insufficient sanitization of Host header

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

6.5 CVSS | 6.9 AI score | 0.00344 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2023/11/07 12:0 a.m. | 30 views

Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2022:1764)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1764 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...

8.2 CVSS | 7.2 AI score | 0.05428 EPSS
Exploits: 3 | References: 11
Tenable Nessus
added 2023/11/07 12:0 a.m. | 39 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : urllib3 vulnerabilities (USN-6473-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6473-1 advisory. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A...

8.1 CVSS | 7.3 AI score | 0.0095 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2023/11/06 12:0 a.m. | 33 views

Rocky Linux 8 : python27:2.7 (RLSA-2022:1821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1821 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...

8.2 CVSS | 7.2 AI score | 0.05428 EPSS
Exploits: 3 | References: 12
Tenable Nessus
added 2023/11/06 12:0 a.m. | 28 views

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2021:4160)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4160 advisory. - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the...

9.8 CVSS | 7.5 AI score | 0.02048 EPSS
Exploits: 6 | References: 15
OpenVAS
added 2023/11/05 12:0 a.m. | 23 views

Fedora: Security Advisory (FEDORA-2023-18f03a150d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.1 CVSS | 7.3 AI score | 0.0095 EPSS
Exploits: 0 | References: 3
Fedora
added 2023/11/03 7:1 p.m. | 45 views

[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: - Thread safety. - Connection pooling. - Client-side SSL/TLS...

8.1 CVSS | 7.2 AI score | 0.0095 EPSS
Exploits: 0
OpenVAS
added 2023/11/03 12:0 a.m. | 20 views

Fedora: Security Advisory for python-urllib3 (FEDORA-2023-dede912109)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

4.2 CVSS | 6.4 AI score | 0.00056 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2023/11/03 12:0 a.m. | 25 views

Fedora 37 : python-urllib3 (2023-dede912109)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dede912109 advisory. Update to 1.26.18. Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4. Ref: https://github.com/advisories/GHSA-g4mx-q9vg-27p4 Tenable has extracted the preceding...

4.2 CVSS | 7 AI score | 0.00056 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2023/10/29 2:55 p.m. | 44 views

CVE-2023-45803

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2 CVSS | 6.1 AI score | 0.00056 EPSS
Exploits: 0 | References: 6
OpenVAS
added 2023/10/22 12:0 a.m. | 19 views

Fedora: Security Advisory for python-urllib3 (FEDORA-2023-932b0c86f4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

4.2 CVSS | 6.4 AI score | 0.00056 EPSS
Exploits: 0 | References: 2
Fedora
added 2023/10/21 1:30 a.m. | 38 views

[SECURITY] Fedora 38 Update: python-urllib3-1.26.18-1.fc38

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: - Thread safety. - Connection pooling. - Client-side SSL/TLS...

4.2 CVSS | 7 AI score | 0.00056 EPSS
Exploits: 0
NVD
added 2023/10/17 8:15 p.m. | 24 views

CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2 CVSS | 6.2 AI score | 0.00056 EPSS
Exploits: 0 | References: 7
OSV
added 2023/10/17 8:15 p.m. | 1 views

UBUNTU-CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits: 0 | References: 8
UbuntuCve
added 2023/10/17 8:15 p.m. | 101 views

CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits: 0 | References: 7
CVE
added 2023/10/17 7:43 p.m. | 650 views

CVE-2023-45803

CVE-2023-45803 affects the Python urllib3 library. The issue arises when handling HTTP redirects (301/302/303) after a request’s method changes from something that can carry a body (e.g., POST) to GET, where urllib3 previously did not remove the HTTP request body. This could allow leakage of sens...

4.2 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
AlpineLinux
added 2023/10/17 7:43 p.m. | 44 views

CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2 CVSS | 6.8 AI score | 0.00056 EPSS
Exploits: 0
Vulnrichment
added 2023/10/17 7:43 p.m. | 25 views

CVE-2023-45803 Request body not stripped after redirect in urllib3

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits: 0 | References: 6
OpenVAS
added 2023/10/16 12:0 a.m. | 20 views

Fedora: Security Advisory for python-urllib3 (FEDORA-2023-0806784f24)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.1 CVSS | 8.4 AI score | 0.0095 EPSS
Exploits: 0 | References: 2
Fedora
added 2023/10/13 1:33 a.m. | 32 views

[SECURITY] Fedora 37 Update: python-urllib3-1.26.17-1.fc37

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: - Thread safety. - Connection pooling. - Client-side SSL/TLS...

8.1 CVSS | 7.5 AI score | 0.0095 EPSS
Exploits: 0