153 matches found
EUVD-2019-19301
Malware in sbrugna...
EUVD-2019-8136
Malware in sbrugna...
Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (python-requests) security update
An update for python-requests is now available for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
MAL-2024-12270 Malicious code in fake-usreagant (PyPI)
Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b. Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...
Malicious code in fake-usreagant (PyPI)
Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b. Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...
CLSA-2024-1723146030 Fix CVE(s): CVE-2021-3733
SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733...
Rocky Linux 8 : python27:2.7 (RLSA-2019:3335)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3335 advisory. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) - The...
Debian dla-3610 : python-urllib3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. Debian LTS Advisory DLA-3610-1...
Oracle Linux 6 : python (ELSA-2011-0554)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0554 advisory. - rebase to 2.6.6: which contains the big whitespace cleanup of r81031 http://www.python.org/download/releases/2.6.6/ - fixup patch 102, patch 11, patc...
[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python's built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy fo...
[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python's built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy fo...
K75910138: Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150
Security Advisory Description CVE-2011-1521 The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service...
SUSE CVE-2011-1521
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as...
SUSE CVE-2019-9740
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
SUSE CVE-2019-9947
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2022:4281-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4281-1 advisory. - An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF...
Python Multiple Vulnerabilities (May 2011) - Linux
Python is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; if(description)...
Python < 2.7.10, 3.x < 3.3.7, 3.4.x < 3.4.4 HTTP Header Injection Vulnerability (bpo-22928) - Linux
Python is prone to an HTTP header injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Amazon Linux AMI : python34, python35 (ALAS-2020-1429)
The version of python34 installed on the remote host is prior to 3.4.10-1.51. The version of python35 installed on the remote host is prior to 3.5.9-1.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1429 advisory. In Lib/tarfile.py in Python through 3.8.3...
CRLF Injection
urllib2 in python2 is vulnerable to CRLF injection. The vulnerability exists if an attacker controls a URL parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL followed by an HTTP header. This vulnerability is similar to...