99 matches found
MiracleLinux 8 : python-pip-9.0.3-16.el8 (AXSA:2020-285:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-285:03 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...
TencentOS Server 3: python-urllib3 (TSSA-2022:0218)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0218 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2019-11236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Note that Nessus...
Security Bulletin: Mutiple vulnerabilites in Python affect IBM Robotic Process Automation
Summary Mutiple vulnerabilites in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib...
Security Bulletin: A vulnerability in urllib3 affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the urllib3 package has been addressed. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib3 is vulnerable to CRLF injection, caused by improper validation of user-supplied input by the request parameter. By sending a specially-crafted HTTP response...
RHEL 6 : python-urllib3 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2019-11236]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3, caused by improper validation of user-supplied input by the request parameter. CVE-2019-11236. Python urllib3 is included as a component of our Speech runtimes. This...
Security Bulletin: IBM Spectrum Symphony with urllib3 could allow a remote attacker to obtain sensitive information
Summary IBM Spectrum Symphony with urllib3 could allow a remote attacker to obtain sensitive information Vulnerability Details CVEID:CVE-2018-25091 DESCRIPTION: urllib3 could allow a remote attacker to obtain sensitive information, caused by not removing the authorization HTTP header when followi...
Debian: Security Advisory (DLA-3610-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3610-1] python-urllib3 security update
Debian LTS Advisory DLA-3610-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin October 08, 2023 https://wiki.debian.org/LTS Package : python-urllib3 Version : 1.24.1-1+deb10u1 CVE ID : CVE-2019-11236 CVE-2019-11324 CVE-2020-26137 CVE-2023-43804 Debian Bug : 927172...
Debian dla-3610 : python-urllib3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3610-1 [email protected]...
Oracle Linux 7 : python-urllib3 (ELSA-2019-2272)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2272 advisory. - Add patch for CVE-2019-11236 Resolves: rhbz1703360 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 8 : python-pip (ELSA-2020-1916)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1916 advisory. 9.0.3-16 - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves:...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python (CVE-2019-11236).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3, caused by improper validation of user-supplied input by the request parameter CVE-2019-11236. A remote attacker could exploit this vulnerability to conduct various attacks...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)
The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...
Ubuntu: Security Advisory (USN-3990-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
abeja-sdk (>=0.2.0rc1 <=1.1.0rc1), abejacli (>=1.0.2 <=1.0.2rc1) +857 more potentially affected by CVE-2019-11236 via urllib3 (>=1.10.2 <=1.24.2)
urllib3 PYPI version =1.10.2, =0.2.0rc1, =1.0.2, =0.18.0.3, =0.5.0, =0.70.0, =2.0.1, =0.0.1, =0.5.0, =1.1.0rc6, =0.8.0, =0.10.1 and more Source cves: CVE-2019-11236 Source advisory: OSV:GHSA-R64Q-W8JR-G9QP...
Mageia: Security Advisory (MGASA-2019-0258)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 2.0: Python PHSA-2021-2.0-0393
An update of the python package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0393. The text itself is copyright C VMware, Inc...
CVE-2019-11236 affecting package python-urllib3 1.24.2-2
CVE-2019-11236 affecting package python-urllib3 1.24.2-2. An upgraded version of the package is available that resolves this issue...