SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:0947-1)
This update for python3 fixes the following issues: python36 was updated to 3.6.13. CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. Note that Tenable Network Security has extracted the precedin...
CVE-2020-36283
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver Ethernet Emulation Mode. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker...
Cross site scripting
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver Ethernet Emulation Mode. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker...
CVE-2020-36283
The CVE-2020-36283 issue affects HID OMNIKEY 5427 and OMNIKEY 5127 readers. A CSRF flaw in the Ethernet Emulation Mode (EEM) driver allows an authenticated user, lured to a malicious site, to send a crafted HTTP request that uploads a configuration file to the device. This can enable cross-site s...
CVE-2020-36283
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver Ethernet Emulation Mode. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker...
SUSE-SU-2021:0947-1 Security update for python3
This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...
Ubuntu 18.04 LTS / 20.04 LTS : Django vulnerability (USN-4742-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4742-1 advisory. It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web...
SUSE SLES12 Security Update : python3 (SUSE-SU-2021:0886-1)
This update for python3 fixes the following issues: CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. Note that Tenable Network Security has extracted the preceding description block directly fr...
openSUSE Security Update : python (openSUSE-2021-435)
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. This update was imported from the SUSE:SLE-15:Update upda...
SUSE-SU-2021:0887-1 Security update for python36
This update for python36 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...
SUSE-SU-2021:0886-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...
OPENSUSE-SU-2021:0435-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. This update was imported from the SUSE:SLE-15:Update updat...
Security update for python (moderate)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2021:0435-1 Rating: moderate References: 1182379 Cross-References: CVE-2021-23336 CVSS scores: CVE-2021-23336 NVD : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2021-23336 SUSE: 5.9...
SUSE SLES12 Security Update : python (SUSE-SU-2021:0794-1)
This update for python fixes the following issues: python27 was upgraded to 2.7.18. CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. Note that Tenable Network Security has extracted the precedin...
undertow: Possible regression in fix for CVE-2020-10687
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...
SUSE-SU-2021:0794-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...
Fedora 33 : python-django (2021-1bb399a5af)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-1bb399a5af advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...
Fedora 33 : mingw-python3 (2021-b76ede8f4d)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-b76ede8f4d advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable ...
Fedora 32 : python-django (2021-ef83e8525a)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-ef83e8525a advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...
Fedora 32 : mingw-python3 (2021-309bc2e727)
The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-309bc2e727 advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable ...