
773 matches found

Debian CVE
added 2019/04/18 12:0 a.m. · 40 views

CVE-2019-11324

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...

CVSS 7.5 · AI score 8.9 · EPSS 0.01015
Exploits 0

PyPA
added 2019/04/15 3:29 p.m. · 5 views

PYSEC-2019-132

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

CVSS 6.1 · AI score 7.4 · EPSS 0.00575
Exploits 1 · References 14 · Affected Software 1

Kitploit
added 2019/04/08 12:43 p.m. · 177 views

Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs

Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images. The resulting Graphs can be sent to graph databases such as Neo4J or...

AI score 6.6
Exploits 0 · References 7

Positive Technologies
added 2019/03/12 12:0 a.m. · 5 views

PT-2019-5894 · Python +8 · Urllib2 +10

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16 Python versions 3.x through 3.7.3 Description: The issue is related to the urllib2 module in Python, which does not properly neutralize CRLF sequences. This allows for CRLF injection if an attacker controls ...

CVSS 9.8 · AI score 6.8 · EPSS 0.93745
Exploits 39 · References 432

OSV
added 2019/01/04 5:48 p.m. · 15 views

GHSA-38RV-5JQC-M2CV Recurly vulnerable to SSRF

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource.get method that could result in compromise of API keys or other critical resources...

CVSS 9.8 · AI score 9.4 · EPSS 0.00519
Exploits 0 · References 6

Github Security Blog
added 2019/01/04 5:48 p.m. · 19 views

Recurly vulnerable to SSRF

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource.get method that could result in compromise of API keys or other critical resources...

CVSS 9.8 · AI score 8.9 · EPSS 0.00519
Exploits 0 · References 6 · Affected Software 1

vulnersOsv
added 2018/12/02 10:29 a.m. · 2 views

adamalib (=0.1.0), aeat-web-services (>=1.0.0 <=2.0.2) +223 more potentially affected by CVE-2018-19787 via lxml (>=3.2.3 <=4.2.4)

lxml PYPI version =3.2.3, =1.0.0, =1.0.3, =1.0.0a1.post0, =1.10.0, =0.7.2, =1.14.1, =1.3.0, =0.1.0, =1.1.0.dev1, =0.1.0, =1.2018.7.26, =0.1.1, =0.2.0, =0.4.0 and more Source cves: CVE-2018-19787 Source advisory: OSV:PYSEC-2018-12...

CVSS 6.1 · AI score 6.6 · EPSS 0.00525
Exploits 1

OSV
added 2018/09/18 5:29 p.m. · 11 views

CVE-2018-17175

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...

CVSS 5.3 · AI score 5.2 · EPSS 0.00257
Exploits 0 · References 3

Tenable Nessus
added 2018/07/05 12:0 a.m. · 57 views

CentOS 7 : libvirt (CESA-2018:1997) (Spectre)

An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 5.5 · AI score 7.3 · EPSS 0.46733
Exploits 2 · References 2

Cent OS
added 2018/07/03 6:53 p.m. · 127 views

libvirt security update

CentOS Errata and Security Advisory CESA-2018:1997 An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 5.5 · AI score 7.2 · EPSS 0.46733
Exploits 2 · References 7

Tenable Nessus
added 2018/06/27 12:0 a.m. · 38 views

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20180626) (Spectre)

Security Fixes : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged...

CVSS 5.5 · AI score 7.2 · EPSS 0.46733
Exploits 2 · References 2

RedHat Linux
added 2018/06/26 4:59 p.m. · 41 views

Important: Red Hat Security Advisory: libvirt security and bug fix update

An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 5.5 · AI score 7.2 · EPSS 0.46733
Exploits 2 · References 5

n0where
added 2018/06/20 7:12 p.m. · 362 views

ZigBee Security Research Toolkit: KillerBee

KillerBee framework is a tool for attacking ZigBee and IEEE 802.15.4 networks. KillerBee is designed to simplify the process of sniffing packets from the air interface or a supported packet capture file libpcap or Daintree SNA, and for injecting arbitrary packets. Helper functions including IEEE...

AI score 0.1
Exploits 0 · References 2

OSV
added 2018/05/09 2:19 p.m. · 3 views

SUSE-SU-2018:1194-1 Security update for python-pysaml2

This update for python-pysaml2 fixes the following issues: - CVE-2017-1000433: When python optimizations are enabled, any user is able to login without knowing their password. bsc1074662...

CVSS 8.1 · AI score 8 · EPSS 0.02083
Exploits 0 · References 3

vulnersOsv
added 2018/03/13 3:29 p.m. · 1 views

anymail-history (=0.1.8), bmds-ui (>=24.1.0 <=25.1.0) +30 more potentially affected by CVE-2018-1000089 via django-anymail (>=0.9.0 <=15.0.0)

django-anymail PYPI version =0.9.0, =24.1.0, =0.4.10, =0.1.3, =1.0.5, =0.1.0, =0.5.34, =0.1.0a1, =0.0.1, =1.2.0, =2.1.0, =1.0.0, =2026.3.27, =2026.3.28 and more Source cves: CVE-2018-1000089 Source advisory: OSV:PYSEC-2018-46...

CVSS 7.4 · AI score 7 · EPSS 0.00306
Exploits 0

Atlassian
added 2018/02/20 7:44 p.m. · 26 views

createmeta() API call does not respect permissions

The API call for createmeta, which should return metadata required for creation of issues, does not respect permissions in some cases. I was working on an automation for my team when I discovered this. Following are the details: - The bot account I am using did not have permission to view a certai...

AI score 2
Exploits 0 · Affected Software 1

OSV
added 2018/02/05 7:29 a.m. · 2 views

CVE-2018-6461

March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...

CVSS 7.8 · AI score 5.8 · EPSS 0.00134
Exploits 3 · References 4

Prion
added 2018/01/18 9:29 p.m. · 8 views

Design/Logic Flaw

An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '' character...

CVSS 4.3 · AI score 5.8 · EPSS 0.00358
Exploits 0 · References 1 · Affected Software 1

Fedora
added 2017/11/24 11:14 p.m. · 9 views

[SECURITY] Fedora 25 Update: rpkg-1.51-2.fc25

Python library for interacting with rpm+git...

AI score 2.3
Exploits 0

Fedora
added 2017/11/23 7:46 p.m. · 12 views

[SECURITY] Fedora 26 Update: rpkg-1.51-2.fc26

Python library for interacting with rpm+git...

AI score 2.3
Exploits 0