Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Tenable Nessus
Tenable Nessusadded 2020/12/09 12:0 a.m.57 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2020-0094)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricke...

7.5CVSS7.3AI score0.01665EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2020/12/09 12:0 a.m.145 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2020-0059)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricke...

7.5CVSS7.3AI score0.01665EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2020/06/04 12:0 a.m.63 views

Amazon Linux 2 : python, --advisory ALAS2-2020-1432 (ALAS-2020-1432)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1432 advisory. http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain:...

5.3CVSS7.3AI score0.01665EPSS
Exploits1References4
Exploit DB
Exploit DBadded 2020/05/26 12:0 a.m.275 views

Pi-hole 4.4.0 - Remote Code Execution (Authenticated)

Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on: https://github.com/Frichetten/CVE-2020-11108-PoC/blob/master/cve-2020-11108-rce.py File na...

9CVSS8.7AI score0.8959EPSS
Exploits17
OSV
OSVadded 2019/11/14 12:0 a.m.26 views

PSF-2019-14 Regular Expression Denial of Service in http.cookiejar

The regex http.cookiejar.LOOSEHTTPDATERE is vulnerable to regular expression denial of service "REDoS". LOOSEHTTPDATERE.match is called when using http.cookiejar.CookieJar to parse Set-Cookie headers returned by a HTTP server. Processing a response from a malicious HTTP server can lead to extreme...

6.1CVSS7AI score0.02456EPSS
Exploits1References2
OSV
OSVadded 2019/07/13 9:15 p.m.24 views

CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS6.8AI score
Exploits0References18
CVE
CVEadded 2019/07/13 8:29 p.m.837 views

CVE-2018-20852

CVE-2018-20852 describes a flaw in Python’s http.cookiejar DefaultPolicy.domain_return_ok where domain validation is insufficient, allowing an attacker-controlled server to siphon cookies by using a host name that has another valid hostname as a suffix (e.g., pythonicexample.com to access example...

5.3CVSS6.4AI score0.01665EPSS
Exploits1References18Affected Software1
Rows per page
Query Builder