
1974 matches found

Fedora
added 2017/12/02 9:23 p.m. | 31 views

[SECURITY] Fedora 26 Update: python-sanic-0.6.0-1.fc26

Sanic is a Flask-like Python 3.5+ web server that's written to go fast. It's based on the work done by the amazing folks at magicstack, and was inspired by this article: https://magic.io/blog/uvloop-blazing-fast-python-networking/. On top of being Flask-like, Sanic supports async request handlers...

CVSS: 7.5 | EPSS: 0.02426
Exploits: 1
Fedora
added 2017/12/02 7:1 a.m. | 32 views

[SECURITY] Fedora 27 Update: python-sanic-0.6.0-1.fc27

Sanic is a Flask-like Python 3.5+ web server that's written to go fast. It's based on the work done by the amazing folks at magicstack, and was inspired by this article: https://magic.io/blog/uvloop-blazing-fast-python-networking/. On top of being Flask-like, Sanic supports async request handlers...

CVSS: 7.5 | EPSS: 0.02426
Exploits: 1
Jake Archibald's Blog
added 2017/09/08 9:57 a.m. | 21 views

Lazy async SVG rasterisation

Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...

AI score: 7.1
Exploits: 0
CNVD
added 2017/09/04 12:0 a.m. | 2 views

Vulnerability in Async Http Client

Async Http Client aka AHC or async-http-client is a client library that allows a Java application to perform an HTTP request and process that HTTP response asynchronously. A security vulnerability exists in Async Http Client versions prior to 2.0.35. An attacker could exploit the vulnerability to...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.03046
Exploits: 0 | References: 1
RedhatCVE
added 2017/09/01 10:18 a.m. | 40 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS: 7.5 | AI score: 2 | EPSS: 0.05915
Exploits: 0 | References: 1
OSV
added 2017/08/31 4:29 p.m. | 28 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS: 7.5 | AI score: 6.5
Exploits: 0 | References: 28
Prion
added 2017/08/31 4:29 p.m. | 31 views

Design/Logic Flaw

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS: 5 | AI score: 8.2 | EPSS: 0.05915
Exploits: 0 | References: 28 | Affected Software: 1
NVD
added 2017/08/31 4:29 p.m. | 36 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.03046
Exploits: 0 | References: 28
UbuntuCve
added 2017/08/31 4:29 p.m. | 30 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.03046
Exploits: 0 | References: 4
Cvelist
added 2017/08/31 4:0 p.m. | 37 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

AI score: 6.8 | EPSS: 0.03046
Exploits: 0 | References: 28
CVE
added 2017/08/31 4:0 p.m. | 109 views

CVE-2017-14063

CVE-2017-14063 affects Async Http Client (async-http-client) prior to 2.0.35. The underlying issue allows an attacker to cause the client to connect to a host different from the one parsed from java.net.URI when a ? appears in a fragment. This vulnerability is corroborated by CNVD-2017-31118, whi...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03046
Exploits: 0 | References: 28 | Affected Software: 1
Debian CVE
added 2017/08/31 4:0 p.m. | 42 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.03046
Exploits: 0
Veracode
added 2017/08/31 5:28 a.m. | 25 views

Malicious Host Redirect

async-http-client is vulnerable to malicious host redirects. The library interprets the ? character in a URL as the beginning of a query or an ending of a path, allowing a malicious user to cause the application to connect to a malicious host...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.03046
Exploits: 0 | References: 54 | Affected Software: 1
Positive Technologies
added 2017/08/22 12:0 a.m. | 7 views

PT-2017-3938

Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions prior to R1 2017; Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2. Description: The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file...

CVSS: 10 | AI score: 10 | EPSS: 0.83476
Exploits: 8 | References: 23
RedHat Linux
added 2017/07/20 3:59 p.m. | 7 views

OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

CVSS: 9.6 | AI score: 7.4 | EPSS: 0.02555
Exploits: 0 | References: 4
OSV
added 2017/07/02 12:0 p.m. | 5 views

RUSTSEC-2017-0008 `serial` crate is unmaintained

The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives: Consider using an alternative, for instance the blocking libraries: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...

AI score: 7.2
Exploits: 0 | References: 3
RustSec
added 2017/07/02 12:0 p.m. | 8 views

`serial` crate is unmaintained

The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives: Consider using an alternative, for instance the blocking libraries: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...

AI score: 7.2
Exploits: 0
RedHat Linux
added 2017/05/25 1:39 p.m. | 7 views

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00426
Exploits: 0 | References: 4
Jake Archibald's Blog
added 2017/04/18 3:25 p.m. | 11 views

Async iterators and generators

Streaming fetches are supported in Chrome, Edge, and Safari, and they look a little like this: async function getResponseSize(url) { const response = await fetch(url); const reader = response.body.getReader(); let total = 0; while (true) { const {done, value} = await reader.read(); if (done) return total; total +=...

AI score: 7.1
Exploits: 0
Jake Archibald's Blog
added 2017/04/18 3:25 p.m. | 18 views

Async iterators and generators

Streaming fetches are supported in Chrome, Edge, and Safari, and they look a little like this: async function getResponseSize(url) { const response = await fetch(url); const reader = response.body.getReader(); let total = 0; while (true) { const {done, value} = await reader.read(); if (done) return total; total +=...

AI score: 7.1
Exploits: 0