[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

126291

 
 

909

 
 

105100

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 1417 Download | Alert*

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: Slirp: information leakage in tcp_emu due to uninitialized stack variables For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ...

Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: Slirp: information leakage in tcp_emu due to uninitialized stack variables For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ...

The advisory is missing the security advisory description. For more information please visit the reference link

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.

The host is installed with Python through versions 2.7.16 or 3.7.2 and is prone to a CRLF injection vulnerability. The flaw is present in the application, which fails to properly handle an issue in urrlib2. Successful exploitation allows attackers to initiate CRLF injection.

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is pr ...

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is pr ...

Python 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correc ...

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   141

© SecPod Technologies