17 matches found
Oracle Linux 8 : python-requests (ELSA-2025-0012)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-0012 advisory. - Security fix for CVE-2024-35195 Resolves: RHEL-37605 - Security fix for CVE-2023-32681 Resolves: rhbz2209469 - Update to v2.20.0 for CVE-2018-18074. - Remove...
NewStart CGSL MAIN 6.02 : python-requests Vulnerability (NS-SA-2024-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has python-requests packages installed that are affected by a vulnerability: - A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie...
Mageia: Security Advisory (MGASA-2015-0180)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0114-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2015:2156-1 Security update for python-requests
python-requests was updated to fix one security issue. This security issue was fixed: - CVE-2015-2296: The resolveredirects function in sessions.py allowed remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. bsc922448 This non-security issue was...
Fedora Update for python-requests FEDORA-2015-9664
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-pip packages fix security vulnerabilities
Updated python-pip and python-virtualenv packages fix security vulnerability: The mirroring support in python-pip was implemented without any sort of authenticity checks and is downloaded over plaintext HTTP. Further more by default it will dynamically discover the list of available mirrors by...
Medium: python-botocore
Issue Overview: A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. Affected Packages: python-botocore Issue Correction: Run yum update python-botocore or y...
Fedora 21 : python-requests-2.5.3-2.fc21 / python-urllib3-1.10.2-1.fc21 (2015-4084)
Backport of patch to not ascribe cookies to the target domain. - https://github.com/kennethreitz/requests/commit/3bd8afbf f29e50b38f889b2f688785a669b9aafc - http://www.openwall.com/lists/oss-security/2015/03/14/4 Note that Tenable Network Security has extracted the preceding description block...
Mandriva Linux Security Advisory : python-requests (MDVSA-2015:133)
Updated python-requests packages fix security vulnerabilities : Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered...
Fedora Update for python-requests FEDORA-2015-4084
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for python-urllib3 FEDORA-2015-4084
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-requests packages fix security vulnerability
In python-requests before 2.6.0, a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing CVE-2015-2296...
CVE-2015-2296
The resolveredirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect...
CVE-2015-2296
CVE-2015-2296 affects the Python requests project: the resolve_redirects implementation in sessions.py in versions 2.1.0 through 2.5.3 allows a remote attacker to perform session fixation via a redirect that carries a cookie without a host value. The connected data confirms the vulnerability in r...
[USN-2531-1] Requests vulnerability
========================================================================== Ubuntu Security Notice USN-2531-1 March 16, 2015 requests vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2015-2296
The resolveredirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect...