Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

Fedora: Security Advisory for mingw-python-requests (FEDORA-2023-f3824383be)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 38 : mingw-python-requests (2023-f3824383be)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f3824383be advisory. Update to requests-2.31.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Fedora: Security Advisory for python-requests (FEDORA-2023-078e257f1c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-requests (FEDORA-2023-521ebb9cbb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 37 : python-requests (2023-078e257f1c)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-078e257f1c advisory. - Security fix for CVE-2023-32681 - https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q Tenable has extracted the preceding description...

Fedora 38 : python-requests (2023-521ebb9cbb)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-521ebb9cbb advisory. - Security fix for CVE-2023-32681 - https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q Tenable has extracted the preceding description...

CVE-2023-32681

A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization...

Debian: Security Advisory (DLA-1511-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2014-1829

Requests aka python-requests before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request...

SUSE CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

SUSE CVE-2014-8650

python-requests-Kerberos through 0.5 does not handle mutual authentication...

Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page

Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here's why: Most of the python requests do url/path/parameter encoding/decoding, and I hate this. If I submit raw chars, I want raw chars to be sent. If I send a weird...

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...

SUSE: Security Advisory (SUSE-SU-2022:1819-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : python-requests (SUSE-SU-2022:1819-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1819-1 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-ht...

SUSE-SU-2022:1819-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. bsc1111622...

new packages: python-requests

An update is available for python-requests. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

new packages: python-requests-oauthlib

An update is available for python-requests-oauthlib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

new packages: python-requests-gssapi

An update is available for python-requests-gssapi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...