42 matches found
EUVD-2014-1226
Malware in sbrugna...
EUVD-2019-0030
Malware in sbrugna...
colander
This is a Python library for deserialization and validation of data structures composed of strings, mappings, and lists. It is a package that can be used to serialize an arbitrary data structure to a data structure composed of strings, mappings, and lists, and to deserialize and validate a data...
Linux Distros Unpatched Vulnerability : CVE-2017-18361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed...
CVE-2014-125056
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024
Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004. Vulnerability Details: CVEID: CVE-2024-38821. DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...
Waitress security vulnerability
Waitress is a production-quality, pure Python WSGI server from the Pylons project. A security vulnerability existed prior to Waitress version 3.0.1, which stemmed from the inclusion of a race condition issue...
WebOb's location header normalization during redirect leads to open redirect
Impact: When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...
WebOb security vulnerability
WebOb is a WSGI request and response object from Pylons Open Source. A security vulnerability exists in WebOb versions prior to 1.8.8 that stems from the presence of an open redirect...
JVN#41113329: Pyramid vulnerable to directory traversal
Pyramid provided by Pylons Project, which is a web framework for Python, contains a directory traversal vulnerability (CWE-22). Impact: index.html located one directory above the location of the static view's file system path can be accessed via a crafted request. Solution: Update the software. Update...
SUSE CVE-2017-18361
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
CVE-2014-125056
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...
Design/Logic Flaw
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...
CVE-2014-125056
CVE-2014-125056 affects Pylons Horus, specifically an unknown functionality in the file horus/flows/local/services.py where manipulation leads to an observable timing discrepancy. The sources consistently describe high attack complexity and difficult exploitation. A patch identified as fd56ccb62c...
CVE-2014-125056 Pylons horus services.py timing discrepancy
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known t...
PT-2023-10126 · Unknown · Pylons Horus
Name of the Vulnerable Software and Affected Versions: Pylons horus (affected versions not specified). Description: A vulnerability was found in Pylons horus, classified as problematic, affecting some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observab...
horus security vulnerability
horus is a Pyramid Web framework user registration and login system open-sourced by Pylons Project. A security vulnerability exists in Pylons horus. An attacker exploited the vulnerability to cause an observable time discrepancy...
Catastrophic backtracking in regex allows Denial of Service in Waitress
Impact: When waitress receives a header that contains invalid characters it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This would allow an attacker to send a single request with an invalid...
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact: If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10; Transfer-Encoding: \x0bchunked. For clarity: 0x0b == vertical...