Download
| Alert*
oval:org.secpod.oval:def:605158
python-urllib3 is installed oval:org.secpod.oval:def:109066 python-urllib3 is installed oval:org.secpod.oval:def:116304 Python HTTP module with connection pooling and file POST abilities. oval:org.secpod.oval:def:109200 Python HTTP module with connection pooling and file POST abilities. oval:org.secpod.oval:def:502167 The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python"s SSL module implementation perf ... oval:org.secpod.oval:def:504682 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:1601013 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext oval:org.secpod.oval:def:126430 urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: Thread safety. Connection pooling. Client-side SSL/TLS verification. File uploads with multipart encoding. Helpers for retrying requests and dealing ... oval:org.secpod.oval:def:1700172 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. oval:org.secpod.oval:def:68018 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:1504937 [1.24.2-5.0.1] - set RECENT_DATE to 01/30/2019 to make checks happy [Orabug: 30228991] [1.24.2-5] - Security fix for CVE-2020-26137 Resolves: rhbz#1883889 oval:org.secpod.oval:def:2004252 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116. oval:org.secpod.oval:def:89051113 This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response . oval:org.secpod.oval:def:126292 urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: Thread safety. Connection pooling. Client-side SSL/TLS verification. File uploads with multipart encoding. Helpers for retrying requests and dealing ... oval:org.secpod.oval:def:19500532 urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak inform ... oval:org.secpod.oval:def:126309 urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: Thread safety. Connection pooling. Client-side SSL/TLS verification. File uploads with multipart encoding. Helpers for retrying requests and dealing ... oval:org.secpod.oval:def:89050952 This update for python-urllib3 fixes the following issues: * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header . oval:org.secpod.oval:def:1702008 urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body to `GET` as is required by HTTP RFCs. A ... oval:org.secpod.oval:def:504737 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:68022 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:506460 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1601030 In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter oval:org.secpod.oval:def:503427 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certification mishandle when error shou ... oval:org.secpod.oval:def:503307 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence ... oval:org.secpod.oval:def:116737 Python HTTP module with connection pooling and file POST abilities. oval:org.secpod.oval:def:205297 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence ... oval:org.secpod.oval:def:116750 Python HTTP module with connection pooling and file POST abilities. oval:org.secpod.oval:def:504402 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix: * numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution * ... oval:org.secpod.oval:def:506461 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:506488 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... |