28 matches found
EUVD-2018-0561
Malware in sbrugna...
EUVD-2020-18746
Malware in sbrugna...
CVE-2020-35239
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...
CVE-2023-38434
The CVE-2023-38434 issue affects the xHTTP server library (xhttp.c) where a double-free occurs in close_connection when handling a malformed HTTP request method. Root cause: freeing conn->request.public.headers.list twice. Impact: potential crash/denial of service (availability). A publicly do...
CVE-2023-38434
xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method...
RHEL 7 : python27 (RHSA-2020:4273)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 7 : rh-python38 (RHSA-2020:4299)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4299 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
AlmaLinux 8 : python-urllib3 (ALSA-2021:1631)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1631 advisory. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...
Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos
Description: In some delete actions I changed the HTTP request method to GET and also removed the CSRF token from the request, and then I was able to bypass your CSRF protection...
CentOS 8 : python38:3.8 (CESA-2021:1879)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1879 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-lxml: mXSS due to the use of improper parser...
python38:3.8 security update
An update is available for python-psycopg2, python-PyMySQL, python-lxml, python3x-six, python-urllib3, PyYAML, python-jinja2, python-requests, mod_wsgi, python38, python-asn1crypto, python3x-pip, python-chardet, python-markupsafe, Cython, python-psutil, python-ply, babel, python-wheel,...
Cross-site Request Forgery (CSRF)
cakephp/cakephp is vulnerable to cross-site request forgery. The vulnerability exists because the CsrfProtectionMiddleware component lacks verification, which allows CSRF checks to be bypassed by changing the HTTP request method to an arbitrary string that is not in the list of request methods...
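The two CSRF entries above (the CakePHP method-override bypass, CVE-2020-35239, and the opensourcepos report of a delete action reached with GET and no token) share one root cause: the token check is tied to a fixed list of request methods instead of being the default. The following is an added example, not code from CakePHP, opensourcepos or any advisory on this page; the Request type, the check functions and the three constructed requests are this example's own, and the hardened variant shows the deny-by-default shape a practitioner would want.

```python
import hmac
from dataclasses import dataclass, field

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}  # the methods a list-based check covers
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}             # RFC 7231 safe methods
KNOWN_METHODS = STATE_CHANGING | SAFE_METHODS


@dataclass
class Request:
    """Constructed stand-in for a framework request (this example's own type)."""
    method: str
    path: str
    body: dict = field(default_factory=dict)     # form fields, e.g. _method, _csrfToken
    cookies: dict = field(default_factory=dict)  # e.g. csrfToken

    def effective_method(self) -> str:
        """Method override as HTML-form frameworks implement it: a POST may carry
        `_method` to emulate PUT/PATCH/DELETE. The value is taken verbatim."""
        if self.method == "POST" and "_method" in self.body:
            return str(self.body["_method"]).upper()
        return self.method


def token_matches(req: Request) -> bool:
    """Double-submit check: the form token must equal the cookie token."""
    sent, expected = req.body.get("_csrfToken"), req.cookies.get("csrfToken")
    return bool(sent) and bool(expected) and hmac.compare_digest(sent, expected)


def csrf_check_vulnerable(req: Request) -> bool:
    """List-based pattern: only listed methods are validated, so an override
    value outside the list (e.g. `_method=PUTT`) skips the check entirely."""
    if req.effective_method() in STATE_CHANGING:
        return token_matches(req)
    return True


def csrf_check_hardened(req: Request) -> bool:
    """Deny by default: unknown methods are rejected outright, only RFC-safe
    methods skip validation, and everything else needs a valid token."""
    eff = req.effective_method()
    if eff not in KNOWN_METHODS:
        return False
    if eff in SAFE_METHODS:
        return True
    return token_matches(req)


def delete_handler(req: Request, store: dict, enforce_method: bool) -> bool:
    """The application's delete action; returns True if an item was removed.
    With enforce_method=False it deletes on any method that reaches it, which
    is what makes a bare GET (no token, no listed method) sufficient."""
    if enforce_method and req.effective_method() not in {"POST", "DELETE"}:
        return False
    return store.pop(req.path.rsplit("/", 1)[-1], None) is not None


def run(req: Request, store: dict, hardened: bool) -> bool:
    """Middleware then handler; True means the state change happened."""
    check = csrf_check_hardened if hardened else csrf_check_vulnerable
    return check(req) and delete_handler(req, store, enforce_method=hardened)


# Three constructed requests against /items/delete/42, run through both stacks.
def scenario_override(hardened: bool) -> bool:
    """Cross-site form POST carrying `_method=PUTT` and no token (the CakePHP bypass)."""
    req = Request("POST", "/items/delete/42", body={"_method": "PUTT"})
    return run(req, {"42": "item"}, hardened)


def scenario_get_downgrade(hardened: bool) -> bool:
    """Plain GET with no token (the downgrade in the opensourcepos report)."""
    return run(Request("GET", "/items/delete/42"), {"42": "item"}, hardened)


def scenario_legitimate(hardened: bool) -> bool:
    """Same-origin form with a matching token; must keep working after hardening."""
    req = Request("POST", "/items/delete/42",
                  body={"_method": "DELETE", "_csrfToken": "t0k"},
                  cookies={"csrfToken": "t0k"})
    return run(req, {"42": "item"}, hardened)


if __name__ == "__main__":
    for name, fn in [("override", scenario_override),
                     ("get", scenario_get_downgrade),
                     ("legit", scenario_legitimate)]:
        print(f"{name:9s} vulnerable={fn(False)!s:5s} hardened={fn(True)}")
```

Both bypasses succeed against the list-based stack and fail against the hardened one, while the legitimate tokened request works in both. The two fixes are independent: the middleware must treat every non-safe (or unknown) method as token-bearing, and the handler must refuse to act on GET, since a CSRF middleware correctly skipping GET cannot protect an action that mutates state on GET.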
Updated python-pip packages fix security vulnerabilities
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack CVE-2019-20916. urllib3 before 1.25.9 allows CRLF...
Debian DLA-2456-1 : python3.5 security update
Multiple security issues were discovered in Python. CVE-2019-20907 In Lib/tarfile.py, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation CVE-2020-26116 http.client allows CRLF injection if the attacker contro...
SUSE-SU-2020:3121-1 Security update for python
This update for python fixes the following issues: - CVE-2020-26116: Fixed CRLF injection via HTTP request method (bsc#1177211)...
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
An update for python27-python, python27-python-pip, and python27-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
Moderate: Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update
An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives...
Fedora 32 : python27 (2020-887d3fa26f)
CVE-2020-26116: HTTP request method CRLF injection in httplib Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 32 : python34 (2020-d30881c970)
CVE-2019-20907: Avoid infinite loop in the tarfile module - CVE-2020-14422: Resolve hash collisions for IPv4Interface and IPv6Interface - CVE-2020-26116: HTTP request method CRLF injection in httplib This update brings Fedora 32's python34 in sync with the EPEL7 package. Note that Tenable Network...
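Most of the distribution advisories above are the same bug twice over: urllib3 before 1.25.9 and CPython's http.client (CVE-2020-26116) both spliced a caller-supplied HTTP method straight into the request line, so CR and LF inside the method started new lines on the wire and let the caller smuggle headers or a whole second request. The example below is added here and is not code from urllib3, CPython or any of the advisories; the builder and validator functions are this example's own, and the control-character regex mirrors the class of characters the CPython fix rejects without being the library's code. The last function probes the interpreter you run it under, which is the check a practitioner wants after applying one of these updates.

```python
import http.client
import re

# Any ASCII control character (NUL..US plus DEL). The CPython fix for
# CVE-2020-26116 rejects the same class before the request line is built;
# this regex is this example's own, not the library's.
_CONTROL_CHAR_RE = re.compile(r"[\x00-\x1f\x7f]")


def build_request_head_unchecked(method: str, path: str, host: str) -> bytes:
    """Vulnerable pattern: the caller-supplied method is spliced straight into
    the request line, so CR/LF inside it starts new lines on the wire."""
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


def is_clean_method(method: str) -> bool:
    """True when the method contains no control characters (the check the fix adds)."""
    return _CONTROL_CHAR_RE.search(method) is None


def build_request_head_checked(method: str, path: str, host: str) -> bytes:
    """Hardened pattern: refuse the request before anything is serialised."""
    if not is_clean_method(method):
        bad = _CONTROL_CHAR_RE.search(method).group()
        raise ValueError(
            f"method can't contain control characters: {method!r} (found {bad!r})"
        )
    return build_request_head_unchecked(method, path, host)


def request_lines(head: bytes) -> list:
    """The lines a server would parse, with the terminating blank line dropped."""
    return [line for line in head.decode("ascii").split("\r\n") if line]


def installed_http_client_rejects_crlf_method() -> bool:
    """Probe the running interpreter's http.client. putrequest() validates the
    method before any socket is opened, so this never touches the network:
    patched versions raise ValueError, affected versions buffer the smuggled
    bytes as if they were an ordinary request line."""
    conn = http.client.HTTPConnection("example.invalid")
    try:
        conn.putrequest("GET /x HTTP/1.1\r\nX-Injected: yes\r\nGET", "/")
    except ValueError:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    # Constructed attacker value: a full request line and a header, ending in
    # "GET" so the remainder of the intended line still parses as a request.
    evil = "GET /x HTTP/1.1\r\nX-Injected: yes\r\nGET"
    for line in request_lines(build_request_head_unchecked(evil, "/path", "target")):
        print("wire:", line)
    try:
        build_request_head_checked(evil, "/path", "target")
    except ValueError as exc:
        print("rejected:", exc)
    print("installed http.client patched:", installed_http_client_rejects_crlf_method())
```

With the unchecked builder the server sees four lines, the attacker's request line and header first and the intended `GET /path` only afterwards; the checked builder raises before a byte is produced. The same validation belongs on any other request-line component a caller can influence (the path, header names and header values), and the probe function is a cheap way to confirm that the Python actually in use carries the fix rather than trusting the package version string.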