1634 matches found
USN-5199-1 python3.6 vulnerabilities
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2021-3733 It w...
USN-5199-1: Python vulnerabilities
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2021-3733 It w...
openSUSE 15 Security Update : python3 (openSUSE-SU-2021:4104-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4104-1 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to...
SUSE SLED15: libpython3_6m1_0 / python3 / python3-base / python3-curses / etc (SUSE-SU-2021:4104-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4104-1 advisory. - CVE-2021-3426: Fixed information disclosure via pydoc bsc1183374. - CVE-2021-3733: Fixed infinitely reading potential HTTP headers...
SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:4015-1)
The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4015-1 advisory. - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in...
Auerswald COMpact 8.0B - Privilege Escalation Vulnerability
Exploit Title: Auerswald COMpact 8.0B - Privilege Escalation Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Privilege Escalation RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged...
Oracle Linux 8 : python38:3.8 (ELSA-2021-1879)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1879 advisory. - Security fix for CVE-2021-3177 Resolves: rhbz1919161 - Security fix for CVE-2020-26116 python-requests Tenable has extracted the preceding descriptio...
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2021:4160)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4160 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4160 advisory. - python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 - python-ipaddress: Improper input validation ...
EulerOS 2.0 SP5 : python (EulerOS-SA-2021-2669)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web...
python: urllib: HTTP client possible infinite loop on a 100 Continue response
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python39:3.9 and python39-devel:3.9 security update
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, modwsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil,...
ALSA-2021:4160 Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python: urllib: Regular expression DoS in AbstractBasicAuthHandler
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...
Atlassian Confluence WebWork OGNL Injection
This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/multi/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...
CLSA-2021-1635430087 Fix CVE(s): CVE-2021-3737, CVE-2021-3733
SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3737-.patch: Fix http client infinite line reading DoS after a HTTP 100 continue in Lib/http/client.py, Lib/test/testhttplib.py. - CVE-2021-3737 SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3733.patch: fix a ReDoS in...
Security Bulletin: FileNet Content Manager is affected by a HTTP Client vulnerability
Summary FileNet Content Manager has addressed the following HTTP Client v3.0.1 and v4.0.1 vulnerability. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote...
SUSE: Security Advisory (SUSE-SU-2021:3489-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...