Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

python38:3.8 and python38-devel:3.8 security update

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, modwsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe,...

CentOS 8 : python27:2.7 (CESA-2022:1821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1821 advisory. - python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 - python: urllib: HTTP client possible infinite loop on a 100 Contin...

PT-2022-4628 · Microsoft +5 · Visual Studio +9

Name of the Vulnerable Software and Affected Versions: .NET Core versions 3.1 through 3.1.24 .NET 5.0 versions 5.0 through 5.0.16 .NET 6.0 versions 6.0 through 6.0.4 Description: The issue is related to incorrect cleanup or release of resources in Microsoft Visual Studio and the .NET Framework,...

CentOS 8 : python3 (CESA-2022:1986)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1986 advisory. - python: urllib: HTTP client possible infinite loop on a 100 Continue response CVE-2021-3737 - python: ftplib should not use the host from the PASV...

NewStart CGSL MAIN 6.02 : python3 Multiple Vulnerabilities (NS-SA-2022-0049)

The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTT...

VMware Workspace ONE Access Template Injection / Command Execution Exploit

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user. This module requires Metasploit: https://metasploit.com/download Current source:...

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI in VMware Workspace ONE Access, to execute shell commands as the "horizon" user. Module Options msf use exploit/linux/http/vmwareworkspaceoneaccesscve202222954 msf exploitvmwareworkspaceoneaccesscve2022229...

VMware Workspace ONE Access Template Injection / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22954', 'Description' = %q This module exploits CVE-2022-22954, an unauthenticated server-side template...

RHEL 7 : python27-python and python27-python-pip (RHSA-2022:1663)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1663 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2022-1385)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1385)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1411)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...

Code injection

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...

CVE-2021-33207

CVE-2021-33207 affects Software AG MashZone NextGen up to version 10.7 GA. The vulnerability arises in the HTTP client, which deserializes untrusted data when processing an HTTP response with status code 570. Connected sources confirm the affected product and the root cause (deserialization of un...

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...

CLSA-2022-1648048535 Fix CVE(s): CVE-2021-3737

SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3737.patch: Fix http client infinite line reading DoS after a HTTP 100 continue in Lib/httplib.py, Lib/test/testhttplib.py. - CVE-2021-3737...

CLSA-2022-1647958678 Fixed CVE-2021-3737 in python

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...

CLSA-2022-1647958513 Fix of CVE: CVE-2021-3737

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...