873 matches found

Github Security Blog
added 2021/06/29 9:24 p.m. · 139 views

CRLF vulnerability in Fiber

Impact: The filename that is given in c.Attachment is not escaped and is therefore vulnerable to a CRLF injection attack, i.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...

CVSS 5.8 · AI score 0.3 · EPSS 0.00861
Exploits 0 · References 6 · Affected software 1
OSV
added 2021/06/29 9:24 p.m. · 30 views

GHSA-9CX9-X2GP-9QVH CRLF vulnerability in Fiber

Impact: The filename that is given in c.Attachment is not escaped and is therefore vulnerable to a CRLF injection attack, i.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...

CVSS 4.2 · AI score 5.4 · EPSS 0.00861
Exploits 0 · References 6
IBM Security Bulletins
added 2021/06/17 8:12 a.m. · 39 views

Security Bulletin: Multiple vulnerabilities have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)

Summary: Netty is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library for Message Bus Integration. Information about the security vulnerabilities affecting Netty has been published (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409). Vulnerabilit...

CVSS 6.2 · AI score 1 · EPSS 0.18891
Exploits 1 · Affected software 1
Github Security Blog
added 2021/06/16 5:47 p.m. · 108 views

HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 5.8 · AI score 2.9 · EPSS 0.01119
Exploits 0 · References 5 · Affected software 1
OSV
added 2021/06/16 5:47 p.m. · 59 views

GHSA-QJWC-V72V-FQ6R HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 4.8 · AI score 6.2 · EPSS 0.01119
Exploits 0 · References 4
OpenVAS
added 2021/06/09 12:00 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2021:0947-1)

The remote host is missing an update for the ...

CVSS 5.9 · AI score 8 · EPSS 0.37325
Exploits 1 · References 2
OpenVAS
added 2021/06/09 12:00 a.m. · 9 views

SUSE: Security Advisory (SUSE-SU-2021:0483-1)

The remote host is missing an update for the ...

CVSS 6.8 · AI score 6.6 · EPSS 0.01837
Exploits 1 · References 2
IBM Security Bulletins
added 2021/06/08 10:33 p.m. · 39 views

Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in Node.js

Summary: IBM has addressed the applicable CVEs. Vulnerability details: CVE-2019-15606: Node.js could allow a remote attacker to bypass security restrictions, caused by an issue when HTTP header values do not have trailing OWS trimmed. By sending a specially-crafted request, an...

CVSS 9.8 · AI score 8.7 · EPSS 0.57132
Exploits 2 · Affected software 1
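The Undertow entry (invalid characters permitted in an HTTP request, enabling smuggling) and this Node.js entry (header values whose trailing OWS is not trimmed) describe the same failure class: two HTTP parsers on one request path disagreeing about where a line or a value ends. The parser below is an added example written for this page, not code from Undertow, Node.js or IBM. It rejects every octet outside the RFC 7230 grammar for the request line and header fields, refuses bare CR/LF inside the head, and strips optional whitespace from header values so that a downstream Transfer-Encoding check sees exactly the value the front end saw. The request bytes are constructed for the example, not captured traffic.

```python
"""Strict HTTP/1.x request-head parser: an added example for this page, not code
from Undertow, Node.js or IBM.

Two properties the advisories above turn on:
  * every octet in the request line and in header names/values must be inside
    the RFC 7230 grammar, otherwise two parsers on the same path may split the
    request differently (the precondition for request smuggling);
  * optional whitespace (SP / HTAB) around a header value is not part of the
    value, so "chunked " must compare equal to "chunked" (CVE-2019-15606 is the
    case where trailing OWS was kept).
"""
import re

TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"          # RFC 7230 tchar
TOKEN_RE = re.compile(rf"^{TCHAR}+$")             # method, header field name
# field-value octets: HTAB, SP, VCHAR (0x21-0x7e), obs-text (0x80-0xff); no CTLs, no DEL
FIELD_VALUE_RE = re.compile(r"^[\t\x20-\x7e\x80-\xff]*$")
REQUEST_LINE_RE = re.compile(rf"^({TCHAR}+) ([^ \t\x00-\x1f\x7f]+) HTTP/(1\.[01])$")


class MalformedRequest(ValueError):
    """Raised for anything outside the grammar; the only safe answer is 400 and close."""


def parse_request_head(raw: bytes):
    """Parse b'METHOD target HTTP/1.x\\r\\n' + header fields + b'\\r\\n\\r\\n'.

    Returns (method, target, version, headers); headers is a list of
    (lower-cased name, value) with OWS stripped from the value.
    """
    head, terminator, _body = raw.partition(b"\r\n\r\n")
    if not terminator:
        raise MalformedRequest("request head not terminated by CRLF CRLF")
    lines = head.split(b"\r\n")
    # A bare CR or LF left inside a line means some other parser would see a line
    # boundary here that we do not; refuse rather than guess.
    if any(b"\r" in line or b"\n" in line for line in lines):
        raise MalformedRequest("bare CR or LF in request head")
    text = [line.decode("latin-1") for line in lines]   # byte-preserving decode

    m = REQUEST_LINE_RE.match(text[0])
    if not m:
        raise MalformedRequest(f"bad request line: {text[0]!r}")
    method, target, version = m.group(1), m.group(2), m.group(3)

    headers = []
    for line in text[1:]:
        name, colon, value = line.partition(":")
        # Rejects empty names, whitespace before the colon ("Name : v") and
        # obs-fold continuation lines (leading SP/HTAB), all smuggling vectors.
        if not colon or not TOKEN_RE.match(name):
            raise MalformedRequest(f"bad header field: {line!r}")
        if not FIELD_VALUE_RE.match(value):
            raise MalformedRequest(f"control character in header value: {line!r}")
        headers.append((name.lower(), value.strip(" \t")))   # RFC 7230 3.2.4 OWS
    return method, target, version, headers


def is_chunked(headers) -> bool:
    """The framing decision a back end must make exactly as its front end did."""
    return any(n == "transfer-encoding" and v.lower() == "chunked" for n, v in headers)


def rejects(raw: bytes) -> bool:
    """True when the parser refuses the request (used for the checks below)."""
    try:
        parse_request_head(raw)
    except MalformedRequest:
        return True
    return False


# Constructed sample requests (not captured traffic).
GOOD = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
        b"Transfer-Encoding: chunked \r\n\r\n")               # trailing OWS
BAD_CTL = b"GET /\x01 HTTP/1.1\r\nHost: app.example\r\n\r\n"   # CTL in target
BAD_NAME = b"GET / HTTP/1.1\r\nContent-Length : 5\r\n\r\n"     # space before colon
BAD_BARE_LF = b"GET / HTTP/1.1\r\nHost: a\nX-Foo: bar\r\n\r\n"  # LF-only line break

if __name__ == "__main__":
    method, target, version, headers = parse_request_head(GOOD)
    print(method, target, version, headers, "chunked" if is_chunked(headers) else "")
    for sample in (BAD_CTL, BAD_NAME, BAD_BARE_LF):
        print("rejected" if rejects(sample) else "ACCEPTED", sample[:40])
```

The three rejected samples are each a classic desync seed: a control byte a lenient parser skips, a space before the colon that makes one parser ignore Content-Length while another honours it, and an LF-only line break that one parser treats as a terminator and another as part of the value. Rejecting them at the first hop is cheaper than making every hop agree on a lenient interpretation.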
OpenVAS
added 2021/06/07 12:00 a.m. · 20 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-1936)

The remote host is missing an update for the Huawei EulerOS ...

CVSS 9.8 · AI score 8.2 · EPSS 0.37325
Exploits 2 · References 2
OpenVAS
added 2021/06/07 12:00 a.m. · 29 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-1957)

The remote host is missing an update for the Huawei EulerOS ...

CVSS 9.8 · AI score 8.2 · EPSS 0.37325
Exploits 2 · References 2
Tenable Nessus
added 2021/06/03 12:00 a.m. · 47 views

EulerOS 2.0 SP9 : python3 (EulerOS-SA-2021-1957)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...

CVSS 9.8 · AI score 8.5 · EPSS 0.37325
Exploits 2 · References 3
Tenable Nessus
added 2021/06/03 12:00 a.m. · 53 views

EulerOS 2.0 SP9 : python3 (EulerOS-SA-2021-1936)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...

CVSS 9.8 · AI score 8.5 · EPSS 0.37325
Exploits 2 · References 3
Tenable Nessus
added 2021/05/26 12:00 a.m. · 45 views

Oracle Linux 8 : python3 (ELSA-2021-1633)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1633 advisory: fix for CVE-2021-23336 (resolves rhbz1928904); fix for CVE-2021-3177 (resolves rhbz1918168); security fix for CVE-2020-27619: eval call on content...

CVSS 9.8 · AI score 7.4 · EPSS 0.37325
Exploits 3 · References 5
Tenable Nessus
added 2021/05/24 12:00 a.m. · 52 views

Amazon Linux AMI : python34 (ALAS-2021-1504)

The version of python34 installed on the remote host is prior to 3.4.10-1.55. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1504 advisory. The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by...

CVSS 5.9 · AI score 7.4 · EPSS 0.37325
Exploits 1 · References 5
Amazon
added 2021/05/24 12:00 a.m. · 78 views

Medium: python3

Issue Overview: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of...

CVSS 5.9 · AI score 8 · EPSS 0.37325
Exploits 1
Tenable Nessus
added 2021/05/24 12:00 a.m. · 50 views

Amazon Linux 2 : python3 (ALAS-2021-1640)

The version of python3 installed on the remote host is prior to 3.7.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1640 advisory. The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by usin...

CVSS 5.9 · AI score 7.5 · EPSS 0.37325
Exploits 1 · References 5
Amazon
added 2021/05/21 12:00 a.m. · 87 views

Low: python34

Issue Overview: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of...

CVSS 5.9 · AI score 7.7 · EPSS 0.37325
Exploits 1
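The parameter-cloaking vector in the python3/python34 entries above (ALAS-2021-1504, ALAS2-2021-1640 and the two Amazon issue overviews, all CVE-2021-23336) is easiest to see with the two splitting rules side by side. The block below is an added example for this page, not CPython's urllib.parse implementation: parse_qsl_legacy mirrors the pre-fix behaviour the advisories describe (';' and '&' both separate parameters), parse_qsl_strict the fixed behaviour with a single separator. The front-end cache that splits only on '&' and drops utm_* parameters from its key, and the /api/jsonp endpoint, are assumptions made for the example; the attack query string is constructed.

```python
"""Parameter cloaking (CVE-2021-23336): an added example for this page, not
CPython's urllib.parse code.

Pre-fix parse_qs/parse_qsl split on ';' as well as '&'. A cache that splits only
on '&' and excludes tracking parameters from its key treats
'utm_content=1;callback=evilFunction' as one ignorable parameter, while a back
end using the old splitter sees a separate 'callback'. The attacker's response
is stored under the clean key and served to every later visitor.
"""
from urllib.parse import unquote_plus


def _pairs(fields):
    """Turn 'name=value' fields into decoded (name, value) tuples, skipping empties."""
    pairs = []
    for field in fields:
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def parse_qsl_legacy(qs: str):
    """Mirror of the behaviour the advisories describe: '&' and ';' both separate."""
    return _pairs(f for chunk in qs.split("&") for f in chunk.split(";"))


def parse_qsl_strict(qs: str, separator: str = "&"):
    """Post-fix behaviour: exactly one separator, '&' unless the caller says otherwise."""
    return _pairs(qs.split(separator))


# Assumption for the example: the front-end cache drops utm_* from its key.
CACHE_IGNORED_PREFIXES = ("utm_",)


def cache_key(path: str, qs: str) -> str:
    """Key of a front-end cache that splits only on '&' (assumed behaviour)."""
    kept = sorted((n, v) for n, v in parse_qsl_strict(qs)
                  if not n.startswith(CACHE_IGNORED_PREFIXES))
    return path + "?" + "&".join(f"{n}={v}" for n, v in kept)


def backend_params(qs: str, parser) -> dict:
    """What the application sees; the last occurrence of a name wins, as in dict(parse_qsl(...))."""
    return dict(parser(qs))


def demonstrate(qs: str):
    """Return (cache key, legacy back-end view, fixed back-end view) for one query string."""
    return (cache_key("/api/jsonp", qs),          # /api/jsonp is a hypothetical endpoint
            backend_params(qs, parse_qsl_legacy),
            backend_params(qs, parse_qsl_strict))


# Constructed attack query string.
ATTACK = "callback=render&utm_content=1;callback=evilFunction"

if __name__ == "__main__":
    key, legacy, fixed = demonstrate(ATTACK)
    print("cache key      :", key)                 # identical to the key for ?callback=render
    print("legacy back end:", legacy["callback"])  # evilFunction: the poisoned entry
    print("fixed back end :", fixed["callback"])   # render
```

The cache key for the attack URL is identical to the key for the innocent ?callback=render, so whichever of the two is fetched first is what every later visitor receives. With the strict splitter the back end and the cache agree on the parameter boundaries and the cloaked parameter stays inside the ignored utm_content value.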
Tenable Nessus
added 2021/05/19 12:00 a.m. · 47 views

CentOS 8 : python3 (CESA-2021:1633)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1633 advisory: python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116); python: unsafe use of eval on data retrieved via HTTP in the...

CVSS 9.8 · AI score 7.7 · EPSS 0.37325
Exploits 3 · References 5
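The Fiber entry near the top of the list (unescaped filename in c.Attachment) and the CVE-2020-26116 item in this CentOS advisory are both CRLF injection into an HTTP header block, once on the response side and once on the request side. The checks below are an added example for this page, not Fiber's or CPython's code: one builds a Content-Disposition value per RFC 6266/8187 and refuses names containing control characters, the other admits only RFC 7230 token characters as a request method (stricter than the http.client fix, which rejects control characters). The function names, attack strings and the phishing payload are constructed for the example.

```python
"""CRLF injection into an HTTP header block: an added example for this page, not
Fiber's or CPython's code.

Two sinks from the entries above share one defect: attacker text reaches the
wire inside a header without CR/LF being rejected or encoded, so the attacker
terminates the current line and writes headers (or a body) of their own.
  * response side: the filename passed to Fiber's c.Attachment, which lands in
    Content-Disposition;
  * request side: the method string passed to http.client (CVE-2020-26116).
"""
import re
from urllib.parse import quote

TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 tchar
CTL_RE = re.compile(r"[\x00-\x1f\x7f]")                      # CR, LF, NUL, DEL, ...


class HeaderInjection(ValueError):
    pass


def unsafe_content_disposition(filename: str) -> str:
    """The shape of the bug: the raw name is interpolated into the header value."""
    return f'attachment; filename="{filename}"'


def safe_content_disposition(filename: str) -> str:
    """RFC 6266 value: quoted ASCII fallback plus filename* (RFC 8187, UTF-8
    percent-encoded) for the exact name. Names with control characters are
    refused outright; no legitimate filename contains them."""
    if CTL_RE.search(filename):
        raise HeaderInjection("control character in filename")
    fallback = (filename.encode("ascii", "replace").decode("ascii")
                .replace("\\", "").replace('"', ""))
    return (f'attachment; filename="{fallback}"; '
            f"filename*=UTF-8''{quote(filename, safe='')}")


def safe_request_method(method: str) -> str:
    """Admit only an RFC 7230 token as the method. This is stricter than the
    CVE-2020-26116 fix in http.client, which rejects control characters."""
    if not TOKEN_RE.match(method):
        raise HeaderInjection(f"invalid method: {method!r}")
    return method


def header_lines(value: str) -> list:
    """How a receiver sees a header value: split on every line terminator."""
    return re.split(r"\r\n|\r|\n", value)


def rejects_filename(name: str) -> bool:
    try:
        safe_content_disposition(name)
    except HeaderInjection:
        return True
    return False


def rejects_method(method: str) -> bool:
    try:
        safe_request_method(method)
    except HeaderInjection:
        return True
    return False


# Constructed attack strings (not from any real report).
ATTACK_NAME = 'report.pdf"\r\nSet-Cookie: session=attacker\r\n\r\n<html>phish'
ATTACK_METHOD = "GET /victim HTTP/1.1\r\nHost: evil.example\r\n\r\nGET"

if __name__ == "__main__":
    for line in header_lines(unsafe_content_disposition(ATTACK_NAME)):
        print("wire line:", repr(line))           # four lines from one "header"
    print(safe_content_disposition("Q3 report.pdf"))
    print("filename rejected:", rejects_filename(ATTACK_NAME))
    print("method rejected  :", rejects_method(ATTACK_METHOD))
```

Rejecting rather than stripping is deliberate: a filename or method that contains CR, LF or NUL is attacker-controlled by definition, and silently removing the bytes leaves the calling code unaware that it was being attacked. Encoding the exact name into filename* keeps non-ASCII names intact without ever putting a raw octet outside the header grammar on the wire.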
OpenVAS
added 2021/05/19 12:00 a.m. · 21 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-1886)

The remote host is missing an update for the Huawei EulerOS ...

CVSS 9.8 · AI score 8.2 · EPSS 0.37325
Exploits 2 · References 2
OpenVAS
added 2021/05/19 12:00 a.m. · 19 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-1911)

The remote host is missing an update for the Huawei EulerOS ...

CVSS 9.8 · AI score 8.2 · EPSS 0.37325
Exploits 2 · References 2