Lucene search
K

183 matches found

Debian CVE
Debian CVE
added 2022/05/29 9:25 p.m.36 views

CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding...

9.8CVSS9AI score0.01869EPSS
Exploits0
OSV
OSV
added 2022/05/29 9:25 p.m.23 views

CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding...

9.8CVSS9.5AI score0.01869EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/05/29 12:0 a.m.3 views

PT-2022-7348 · Bottle +6 · Bottle +6

Name of the Vulnerable Software and Affected Versions: Bottle versions prior to 0.12.20 Description: The issue is related to uncontrolled resource consumption and mishandling of errors during early request binding. This can allow a remote attacker to cause a denial of service. Recommendations: Fo...

10CVSS7AI score0.01869EPSS
Exploits0References53
OSV
OSV
added 2022/05/17 4:19 a.m.5 views

GHSA-873Q-WPQR-XFGW Bottle does not properly limit content-types

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...

9.8CVSS6.2AI score0.03101EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/17 4:19 a.m.17 views

Bottle does not properly limit content-types

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...

6.8CVSS7.7AI score0.03101EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 3:5 a.m.7 views

metadoc (>=0.9.1 <=0.10.5), sphinxmark (>=0.1.15 <=0.1.16) potentially affected by CVE-2016-9964 via bottle (=0.12.10)

bottle PYPI version =0.12.10 is affected by a known vulnerability. The following packages have a transitive dependency on bottle and may be impacted: - metadoc =0.9.1, =0.1.15, =0.1.16 Source cves: CVE-2016-9964 Source advisory: OSV:GHSA-J6F7-HGHW-G437...

6.5CVSS6.5AI score0.01761EPSS
Exploits0
OSV
OSV
added 2022/05/17 3:5 a.m.3 views

GHSA-J6F7-HGHW-G437 bottle.py vulnerable to CRLF Injection

bottle.py is a fast and simple micro-framework for python web-applications. redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...

7.1CVSS6.6AI score0.01761EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.9 views

Mageia: Security Advisory (MGASA-2017-0031)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.01761EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2021-0171)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/10/08 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-5105-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/10/07 12:0 a.m.23 views

Ubuntu 18.04 LTS / 20.04 LTS : Bottle vulnerability (USN-5105-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5105-1 advisory. It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests. Tenable has...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References2
OSV
OSV
added 2021/10/06 4:54 p.m.5 views

USN-5105-1 python-bottle vulnerability

It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests...

6.8CVSS5.8AI score0.01837EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/10/06 4:54 p.m.105 views

USN-5105-1: Bottle vulnerability

It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests...

6.8CVSS6.5AI score0.01837EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.11 views

SUSE: Security Advisory (SUSE-SU-2021:0483-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References2
NVD
NVD
added 2021/06/03 11:15 p.m.11 views

CVE-2020-36009

OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability...

7.5CVSS0.01311EPSS
Exploits1References1
Prion
Prion
added 2021/06/03 11:15 p.m.12 views

Arbitrary file deletion

OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability...

5CVSS7.6AI score0.01311EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/03 10:16 p.m.17 views

CVE-2020-36009

OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability...

7.6AI score0.01311EPSS
Exploits1References1
CVE
CVE
added 2021/06/03 10:16 p.m.67 views

CVE-2020-36009

OBottle 2.0 in cg.php (the \c\g.php path) contains an arbitrary file download vulnerability. The CVE entry documents that this affects OBottle 2.0 and impacts confidentiality (C) with partial leakage per CVSS2/3 metrics, and contributes a HIGH impact under CVSSv3. The connected sources corroborat...

7.5CVSS7.5AI score0.01311EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.17 views

openSUSE: Security Advisory for python-bottle (openSUSE-SU-2021:0302-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 9:5 p.m.4 views

GHSA-QHX9-7HX7-CP4R bottle HTTP Request smuggling

The package bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...

6.8CVSS5.9AI score0.01837EPSS
Exploits1References8
Rows per page
Query Builder