25 matches found

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2025-5567

Malicious code in bioql PyPI...

CVSS: 6.9 | AI score: 6.6 | EPSS: 0.00337
Exploits: 0 | References: 8

Tenable Nessus
added 2024/04/29 12:0 a.m. | views: 15

Fedora 40 : llhttp / python-aiohttp (2023-f2bb9ee617)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f2bb9ee617 advisory. python-aiohttp 3.8.6 2023-10-07 https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst386-2023-10-07 Security bugfixes - Upgraded llhttp to v9.1.3:...

AI score: 5.8
Exploits: 0 | References: 1

OpenVAS
added 2024/03/12 12:0 a.m. | views: 27

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.0095
Exploits: 0 | References: 2

Tenable Nessus
added 2023/11/03 12:0 a.m. | views: 25

Fedora 37 : python-urllib3 (2023-dede912109)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dede912109 advisory. Update to 1.26.18. Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4. Ref: https://github.com/advisories/GHSA-g4mx-q9vg-27p4 Tenable has extracted the preceding...

CVSS: 4.2 | AI score: 7 | EPSS: 0.00056
Exploits: 0 | References: 2

Prion
added 2023/10/17 8:15 p.m. | views: 24

Design/Logic Flaw

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

CVSS: 1.2 | AI score: 4.3 | EPSS: 0.00056
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2023/10/17 7:43 p.m. | views: 26

CVE-2023-45803 Request body not stripped after redirect in urllib3

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

CVSS: 4.2 | AI score: 6.5 | EPSS: 0.00056
Exploits: 0 | References: 6

OSV
added 2022/06/20 8:21 p.m. | views: 4

MAL-2022-5778 Malicious code in rfcs-tooling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1abbfacf3954101eb9977beb1c9691c40f0c7192b5350dedcdf4588f4e79d278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/06/20 8:21 p.m. | views: 4

Malicious code in rfcs-tooling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1abbfacf3954101eb9977beb1c9691c40f0c7192b5350dedcdf4588f4e79d278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

Oracle linux
added 2021/11/16 12:0 a.m. | views: 56

python3 security update

3.6.8-41.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-41 - Security fix for CVE-2021-3733: Denial of service when identifying crafted invalid RFCs Resolves: rhbz1995234 3.6.8-40 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00629
Exploits: 1

Oracle linux
added 2021/11/02 12:0 a.m. | views: 61

python3 security update

3.6.8-39.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-39 - Security fix for CVE-2021-3733: Denial of service when identifying crafted invalid RFCs Resolves: rhbz1995234...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00629
Exploits: 1

Ubuntu
added 2021/09/16 5:27 p.m. | views: 145

USN-5083-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. CVE-2021-3733 It was discovered that Python incorrectly handled certain server responses. An attacker could possibly u...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00629
Exploits: 2

Akamai Blog
added 2021/06/21 5:0 p.m. | views: 41

HTTP/3 and QUIC: Past, Present, and Future

You may have seen the announcements over the past two weeks -- the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you've followed this space. You might be wondering what this means to you, or you might think QUIC has been an established thing for...

Exploits: 0

Akamai Blog
added 2021/06/21 4:0 a.m. | views: 14

HTTP/3 and QUIC: Past, Present, and Future

You may have seen the announcements over the past two weeks -- the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you've followed this space...

AI score: 1.5
Exploits: 0

Fedora
added 2021/01/20 1:28 a.m. | views: 45

[SECURITY] Fedora 32 Update: coturn-4.5.2-1.fc32

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...

CVSS: 7.2 | AI score: 0.8 | EPSS: 0.00267
Exploits: 3

CERT
added 2020/01/14 12:0 a.m. | views: 32

Content Delivery Networks handle HTTP headers in different and unexpected ways

Overview A Content Delivery Network CDN is a distributed network of proxy servers that deliver web content collected from a back end web server using a temporary local storage called a cache. HTTP cache poisoning is a type of attack that allows a remote attacker to inject arbitrary content using...

AI score: 6.6
Exploits: 0 | References: 8

HackRead
added 2019/11/28 8:37 p.m. | views: 80

React Prereleases-Preparing for the Future

By Owais Sultan Recently, React has come up with prerelease channels to update users with the latest changes taking place in the React ecosystem. They spoke about this through a blog published on their React website. React relies on an open-source community to report bugs, open pull requests and...

AI score: 2.5
Exploits: 0

NVD
added 2019/07/03 6:15 p.m. | views: 9

CVE-2019-6631

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01009
Exploits: 0 | References: 3

Prion
added 2019/07/03 6:15 p.m. | views: 13

Design/Logic Flaw

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01009
Exploits: 0 | References: 3 | Affected Software: 13

Cvelist
added 2019/07/03 5:54 p.m. | views: 14

CVE-2019-6631

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...

AI score: 7.5 | EPSS: 0.01009
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | views: 24

KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application to properly sanitize...

AI score: 7.1
Exploits: 0