781 matches found
DLA-3610-1 python-urllib3 - security update
Bulletin has no description...
Debian dla-3610 : python-urllib3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3610-1 [email protected]...
Oracle Linux 7 : python-urllib3 (ELSA-2019-2272)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2272 advisory. - Add patch for CVE-2019-11236 Resolves: rhbz1703360 Tenable has extracted the preceding description block directly from the Oracle Linux security...
K000133668: Python urllib3 vulnerability CVE-2018-20060
Security Advisory Description urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or...
K000133547: Python urllib3 vulnerability CVE-2020-26137
Security Advisory Description urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116. CVE-2020-26137 Impact An attacker may...
Ubuntu: Security Advisory (USN-5812-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5812-1: urllib3 vulnerability
It was discovered that urllib3 incorrectly handled certain characters in URLs. A remote attacker could possibly use this issue to cause urllib3 to consume resources, leading to a denial of service...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python (CVE-2019-11236).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3, caused by improper validation of user-supplied input by the request parameter CVE-2019-11236. A remote attacker could exploit this vulnerability to conduct various attacks...
Ubuntu: Security Advisory (USN-3990-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : python on SL7.x i686/x86_64 (2022:5235)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5235-1 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-urllib3: CRLF injection via HTTP request method...
new packages: python-urllib3
An update is available for python-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Lin...
GHSA-R64Q-W8JR-G9QP Improper Neutralization of CRLF Sequences in urllib3 library for Python
In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...
CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3
CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3. A patched version of the package is available...
AlmaLinux 8 : python-urllib3 (ALSA-2021:1631)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1631 advisory. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...
ROS-20220125-01
The HTTP client vulnerability for Python urllib3 is related to incorrect input validation when processing URLs with multiple "@" characters in the credentials component. Exploitation of the vulnerability could allow an attacker, remotely, cause resource exhaustion and perform a denial of service...
Mageia: Security Advisory (MGASA-2021-0055)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2013-0376)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0258)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0377)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202107-36 : urllib3: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202107-36 urllib3: Multiple vulnerabilities Multiple vulnerabilities have been discovered in urllib3. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a possible Denial of Service...