
44 matches found

GithubExploit
added 2024/11/02 12:26 a.m., 130 views

Exploit for Code Injection in Vmware Spring_Framework

Project Spring4Shell CVE-2022-22965 Blocker Firewall Se...

CVSS 9.8 | AI score 8.8 | EPSS 0.99677
Exploits: 100

GithubExploit
added 2024/11/02 12:26 a.m., 216 views

Exploit for Code Injection in Vmware Spring_Framework

Project Spring4Shell CVE-2022-22965 Blocker Firewall Se...

CVSS 9.8 | AI score 8.8 | EPSS 0.99677
Exploits: 100

RedHat Linux
added 2024/09/03 6:59 p.m., 2 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

CVSS 6.5 | AI score 6.7 | EPSS 0.01141
Exploits: 1 | References: 4

RedHat Linux
added 2024/08/13 3:39 p.m., 45 views

Moderate: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 6.5 | AI score 6.8 | EPSS 0.01141
Exploits: 1 | References: 2

CVE
added 2024/07/29 2:37 p.m., 105 views

CVE-2024-41671

Twisted.web’s HTTP 1.0/1.1 server could process pipelined requests out of order, leading to information disclosure. Affected component: Twisted (Twisted.web). Root cause: disordered handling of pipelined HTTP requests. Impact: potential information disclosure as described in CVE-2024-41671. Remed...

CVSS 8.3 | AI score 8 | EPSS 0.00856
Exploits: 0 | References: 5

OSV
added 2024/06/17 8:15 p.m., 2 views

UBUNTU-CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

CVSS 6.5 | AI score 6.7 | EPSS 0.01141
Exploits: 1 | References: 5

Cvelist
added 2024/06/17 7:18 p.m., 68 views

CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

CVSS 4.4 | EPSS 0.01141
Exploits: 1 | References: 2

RedHat Linux
added 2024/05/22 9:59 a.m., 2 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

CVSS 8.1 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | References: 4

AlmaLinux
added 2024/05/22 12:0 a.m., 62 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804). For more details about the security issues, including the impact, a CVSS...

CVSS 8.1 | AI score 6.5 | EPSS 0.01207
Exploits: 0 | References: 4

AlmaLinux
added 2024/04/30 12:0 a.m., 60 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804). For more details about the security issues, including the impact, a CVSS...

CVSS 8.1 | AI score 9.6 | EPSS 0.01207
Exploits: 0 | References: 4

RedhatCVE
added 2024/01/30 11:2 a.m., 40 views

CVE-2024-23829

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

CVSS 6.5 | AI score 7.1 | EPSS 0.0102
Exploits: 1 | References: 4

OSV
added 2023/10/17 8:15 p.m., 2 views

UBUNTU-CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

CVSS 4.2 | AI score 6.6 | EPSS 0.00544
Exploits: 0 | References: 8

SUSE CVE
added 2023/02/15 3:53 a.m., 3 views

SUSE CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

CVSS 6.8 | AI score 9.4 | EPSS 0.0642
Exploits: 1 | References: 46

Vulnrichment
added 2022/08/23 12:0 a.m., 1 view

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

AI score 6.3 | EPSS 0.0199
Exploits: 0 | References: 18

GithubExploit
added 2021/12/11 4:8 p.m., 591 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j2 Replay Notes, for learning purposes only Reference:...

CVSS 10 | AI score 7 | EPSS 0.99999
Exploits: 347

Fedora
added 2021/07/08 1:8 a.m., 36 views

[SECURITY] Fedora 33 Update: python-urllib3-1.25.8-5.fc33

Python HTTP module with connection pooling and file POST abilities...

CVSS 7.5 | AI score 8.6 | EPSS 0.03273
Exploits: 0

Fedora
added 2021/07/04 1:10 a.m., 90 views

[SECURITY] Fedora 34 Update: python-urllib3-1.25.10-5.fc34

Python HTTP module with connection pooling and file POST abilities...

CVSS 7.5 | AI score 8.6 | EPSS 0.03273
Exploits: 0

RedHat Linux
added 2021/05/18 2:50 p.m., 2 views

python: CRLF injection via HTTP request method in httplib/http.client

A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat fr...

CVSS 7.2 | AI score 6.7 | EPSS 0.0642
Exploits: 1 | References: 5

GithubExploit
added 2021/04/30 6:55 a.m., 673 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...

CVSS 6.1 | AI score 7.5 | EPSS 0.98926
Exploits: 16

Positive Technologies
added 2021/02/08 12:0 a.m., 7 views

PT-2021-6101

Name of the Vulnerable Software and Affected Versions: httplib2 versions prior to 0.19.0. Description: A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said...

CVSS 7.8 | AI score 6.8 | EPSS 0.03876
Exploits: 1 | References: 51