urllib3: Request body not stripped after redirect from 303 status changes request method to GET
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 changes the request method from one that can carry a body, such as POST, to GET, as is required by HTTP...
CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of t...
RHEL 8 : container-tools:4.0 (RHSA-2024:2084)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2084 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: full...
Fedora 40 : csdiff / csmock (2024-7dc030e96d)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-7dc030e96d advisory. - update to latest upstream release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
RHEL 7 : rh-git218-git (RHSA-2018:3800)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3800 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serve...
RHEL 5 : kernel (RHSA-2017:2801)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2801 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw was found in the way the Linux kernel...
CVE-2024-4063
CVE-2024-4063 affects EZVIZ CS-C6-21WFR-8 running version 5.2.7 Build 170628, with the Davinci Application component showing improper certificate validation. The vulnerability enables remote initiation of an attack, though attack complexity is described as high and exploitability as difficult. Th...
CVE-2024-3735
A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the...
CVE-2024-3735
CVE-2024-3735 affects Smart Office (up to 20240405), targeting the Main.aspx file where manipulating the New Password/Confirm Password argument (input 1) results in weak password requirements. The vulnerability can be triggered remotely with high attack complexity; several sources indicate public...
CVE-2024-3689
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...
CVE-2024-3689 Zhejiang Land Zongheng Network Technology O2OA information disclosure
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...
EulerOS 2.0 SP9 : graphviz (EulerOS-SA-2024-1508)
According to the versions of the graphviz package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because...
Fedora 39 : chromium (2024-39b249a59c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-39b249a59c advisory. update to 123.0.6312.105 High CVE-2024-3156: Inappropriate implementation in V8 High CVE-2024-3158: Use after free in Bookmarks High CVE-2024-3159:...
AlmaLinux 8 : less (ALSA-2024:1610)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1610 advisory. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus has not tested for this issue but has instead...
Fedora 38 : clojure (2024-91dab41dfa)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-91dab41dfa advisory. Security fix for CVE-2024-22871 Update to upstream release 1.11.2 Tenable has extracted the preceding description block directly from the Fedora...
EulerOS Virtualization 2.11.0 : python-urllib3 (EulerOS-SA-2024-1435)
According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header specially or provide...
CVE-2024-28195 Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery CSRF. Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)
The remote host is missing an update for the Huawei EulerOS python-urllib3 package. Some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders...
Fedora 39 : python3.6 (2024-8732282e7b)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8732282e7b advisory. Fix tests for XMLPullParser with Expat 2.6.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...