Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
b21e4b6db18910bfdf465e20ef86844c5bb5f82b4312bf2f74efe50f227b2c78Red Hat Security Advisory 2020-3194-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a man-in-the-middle vulnerability.
ab12a5414b74ae4ec0875438bd155092413bb637cd1033a63c83f8057805a037Red Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include crlf injection and cross-host redirect vulnerabilities.
53767ad5352ed20cb8ca7c3918fe2dda72fa748930d38fe6c8f1a01451dc060fRed Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.
87966f1f0dcdbef82c708d2e11bbdf46353bf73a365411cf42ea50c58ea945ddRed Hat Security Advisory 2020-1605-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include crlf injection, cross-host redirect, and incorrect parsing vulnerabilities.
3eb4d4cc738eeaf8816539a02e6c07fc0fb8726c826eb4593ecf261bf9422b6eRed Hat Security Advisory 2020-1916-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.
2be2385deefcc0b08adfe931f7bf3c65ce9469409f1802efaccb32bf26ede123Red Hat Security Advisory 2020-0850-01 - An update for python-pip is now available for Red Hat Enterprise Linux 7. CRLF injection and credential exposure issues were addressed.
c1674723bf5c16e5a05432dc3f9d31be0db0dce59a812facdd8e98956fcd15bfRed Hat Security Advisory 2020-0851-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. CRLF injection and credential exposure issues were addressed.
38c01ab80cd3cc1715a3a741bfd74eb78d86995bb02d366abac9285f8009e31eRed Hat Security Advisory 2019-3590-01 - The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. A CRLF injection issue was addressed.
40e3c9b62bb398f9c2640c160f9ed75990743d656b708606a88247242d5555d0Red Hat Security Advisory 2019-3335-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Issues addressed include bypass and code execution vulnerabilities.
d69b5430e2258157becca225b221e9e2e5f121f9a5cc57019e4805a9f9f7060bRed Hat Security Advisory 2019-2272-01 - The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. An access check and a CRLF injection vulnerability were addressed.
ec7f8fc23e8f3904a0f0c6dd4fc4ac8108300260784fa4137febc7cdca029ed6Ubuntu Security Notice 3990-2 - USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
5ae6d63bf7d972970ecd6d190a19d2ce58c0e9185fc6ecd9c4ff29714220bea2Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling while processing CFF blend DICT operator.
4fcf434e418ec4b78b4c2d63832210327781ed08e528c125015656abfd99f10dUbuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
e9666cdd7eef3aca2bd5ffd29ff63c88a8467a370952dab56c248b7ca926192cThis Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
4df2c6bb69a9fe3da21e575c7d71f0dc7d51d1f49ccf6cff0a23ef2afb22ff8dRed Hat Security Advisory 2019-1142-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.
3df38db5c6db7737af00a15c6487b8e47f6f4eb560ff5cfedc7411b9340cb9bdRed Hat Security Advisory 2019-1131-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.
db426515b50171432a0716ccb69ebc5b4d732cbc763f4cf985dc3c6d0c33429eUbuntu Security Notice 3954-1 - It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication.
1eb13bc35a756c03e3145507d6d0d7a516996bc6cf6f7b5a26bd2720ffa03b66
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed