79 matches found
Siemens SIMATIC S7-1500 Improper Neutralization of CRLF Sequences (CVE-2019-9740)
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
Linux Distros Unpatched Vulnerability : CVE-2019-9740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a ur...
Ubuntu: Security Advisory (USN-6891-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 / 7 : rh-python36-python (RHSA-2019:3725)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3725 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high leve...
Debian dla-3610 : python-urllib3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3610-1 [email protected]...
Oracle Linux 8 : python3 (ELSA-2019-3520)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3520 advisory. - Fix for CVE-2019-10160 Resolves: rhbz1689318 - Security fix for CVE-2019-9948 Resolves: rhbz1714643 - Fixes CVE-2019-9740 and CVE-2019-9947 Resolves:...
Mageia: Security Advisory (MGASA-2019-0318)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Python 2.x < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 HTTP Header Injection Vulnerability (bpo-30458) - Mac OS X
Python is prone to a HTTP header injection vulnerability follow-up of CVE-2016-5699. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Python 2.x < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 HTTP Header Injection Vulnerability (bpo-30458) - Linux
Python is prone to a HTTP header injection vulnerability follow-up of CVE-2016-5699. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SUSE: Security Advisory (SUSE-SU-2019:2370-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:2332-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : python36 (ALAS-2020-1428)
The version of python36 installed on the remote host is prior to 3.6.11-1.18. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1428 advisory. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when...
Amazon Linux AMI : python34, python35 (ALAS-2020-1429)
The version of python34 installed on the remote host is prior to 3.4.10-1.51. The version of python35 installed on the remote host is prior to 3.5.9-1.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1429 advisory. In Lib/tarfile.py in Python through 3.8.3...
Debian DLA-2337-1 : python2.7 security update
Multiple vulnerabilities were discovered in Python2.7, an interactive high-level object-oriented language. CVE-2018-20852 By using a malicious server an attacker might steal cookies that are meant for other domains. CVE-2019-5010 NULL pointer dereference using a specially crafted X509 certificate...
[SECURITY] [DLA 2337-1] python2.7 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2337-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 22, 2020 https://wiki.debian.org/LTS -...
CRLF Injection
urllib2 in python2 is vulnerable to CRLF injection. The vulnerability exists if an attacker controls a URL parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL followed by an HTTP header. This vulnerability is similar to...
Amazon Linux AMI : python27, python34, python35, python36 (ALAS-2020-1407)
The version of python27 installed on the remote host is prior to 2.7.18-1.138. The version of python34 installed on the remote host is prior to 3.4.10-1.50. The version of python35 installed on the remote host is prior to 3.5.7-1.26. The version of python36 installed on the remote host is prior t...
Debian: Security Advisory (DLA-2280-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2280-1] python3.5 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2280-1 [email protected] https://www.debian.org/lts/security/ July 15, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package :...
EulerOS 2.0 SP2 : python-urllib3 (EulerOS-SA-2020-1643)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the...