665 matches found
SUSE-SU-2021:0355-1 Security update for python
This update for python fixes the following issues: - buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution bsc1181126, CVE-2021-3177. - Provide the newest setuptools wheel bsc1176262, CVE-2019-20916 in their correct form bsc1180686...
SUSE-SU-2021:0344-1 Security update for python3
This update for python3 fixes the following issues: - Provide the newest setuptools wheel bsc1176262, CVE-2019-20916 in their correct form bsc1180686...
CentOS 8 : python-pip (CESA-2020:4432)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4432 advisory. - python-pip: directory traversal in downloadhttpurl function in src/pip/internal/download.py CVE-2019-20916 Note that Nessus has not tested for this issue but...
SUSE-SU-2020:3599-1 Security update for python-pip
This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package bsc1176262, CVE-2019-20916. - Make wheel a separate build run to avoid the setuptools/wheel build cycle...
python27:2.7 security, bug fix, and enhancement update
An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...
wheel-chair-accessible-facilities.focus.tv Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1033388 Security Researcher devl00p Helped patch 3018 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
observation-wheel.focus.tv Cross Site Scripting vulnerability
Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting observation-wheel.focus.tv website and its users...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gvfs Vulnerability (NS-SA-2019-0224)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users...
EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-2156)
According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileg...
python36:3.6 bug fix and enhancement update
An update is available for python-pymongo, python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-virtualenv, python-distro, python-nose, python-wheel, scipy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
CVE-2016-10986
CVE-2016-10986 concerns the Tweet Wheel WordPress plugin prior to version 1.0.3.3, which is vulnerable to reflected Cross-Site Scripting (XSS) via the OAuth parameters consumer_key, consumer_secret, access_token, and access_token_secret. The issue is documented across multiple feeds (NVD, Red Hat...
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
python27:2.7 bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bux Fixes:...
gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
An incorrect permission check in the admin backend in gvfs was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
python36:3.6 security update
python-PyMySQL 0.8.0-10 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974 python-docs 3.6.7-2 - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz1695587 python-docutils 0.14-12 - Bumping due to problems with modular RPM upgrade path 169558...
gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
An incorrect permission check in the admin backend in gvfs was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
Improper Input Validation
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors f...