792 matches found
CVE-2021-28363
A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different...
SUSE-SU-2021:0515-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs bsc1177211...
SUSE-SU-2021:0486-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs bsc1177211...
SUSE-SU-2021:0342-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs bsc1177211...
SUSE-SU-2021:0341-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs bsc1177211. - Skip test for RECENTDATE bsc1181571...
SUSE-SU-2021:0299-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs bsc1177211, bpo39603, CVE-2020-26116,...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.5.30 bug fix update
Red Hat OpenShift Container Platform release 4.5.30 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
CentOS 8 : python27:2.7 (CESA-2020:1605)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1605 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 - python-urllib3: Cross-host redirect does not remov...
CentOS 8 : python-urllib3 (CESA-2019:3590)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:3590 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2018-18074 DESCRIPTION: The Requests package for Python could allow a remote attacker to obtain sensitive information, caused by...
MGASA-2021-0055 Updated python-urllib3 packages fix security vulnerability
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest CVE-2020-26137...
Updated python-pip packages fix security vulnerabilities
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack CVE-2019-20916. urllib3 before 1.25.9 allows CRLF...
openSUSE Security Update : python-urllib3 (openSUSE-2020-2282)
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method bsc1177120. This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
python-urllib3: CRLF injection via HTTP request method
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.5.27 packages and security update
Red Hat OpenShift Container Platform release 4.5.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having ...
RHEL 7 : OpenShift Container Platform 4.5.27 (RHSA-2021:0034)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0034 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 7 : OpenShift Container Platform 3.11.374 (RHSA-2021:0079)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0079 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
SUSE-SU-2020:3897-1 Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark
This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila,...
OPENSUSE-SU-2020:2282-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method bsc1177120. This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for python-urllib3 (moderate)
openSUSE Security Update: Security update for python-urllib3 Announcement ID: openSUSE-SU-2020:2282-1 Rating: moderate References: 1177120 Cross-References: CVE-2020-26137 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...