exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2019-11324

Status Candidate

Overview

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

Related Files

Red Hat Security Advisory 2020-4298-01
Posted Oct 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2016-10739, CVE-2018-14404, CVE-2018-14498, CVE-2018-16890, CVE-2018-18074, CVE-2018-18624, CVE-2018-18751, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20483, CVE-2018-20657, CVE-2018-20852, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11070, CVE-2019-11236, CVE-2019-11324, CVE-2019-11358, CVE-2019-11459, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12450
SHA-256 | b21e4b6db18910bfdf465e20ef86844c5bb5f82b4312bf2f74efe50f227b2c78
Red Hat Security Advisory 2020-3194-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3194-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14404, CVE-2018-18074, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20852, CVE-2018-7263, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11236, CVE-2019-11324, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-13232, CVE-2019-13752, CVE-2019-13753, CVE-2019-14563, CVE-2019-14822, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-15847, CVE-2019-16056, CVE-2019-17451
SHA-256 | ab12a5414b74ae4ec0875438bd155092413bb637cd1033a63c83f8057805a037
Red Hat Security Advisory 2020-2068-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | 87966f1f0dcdbef82c708d2e11bbdf46353bf73a365411cf42ea50c58ea945dd
Red Hat Security Advisory 2020-1605-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1605-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include crlf injection, cross-host redirect, and incorrect parsing vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2018-20852, CVE-2019-11236, CVE-2019-11324, CVE-2019-16056
SHA-256 | 3eb4d4cc738eeaf8816539a02e6c07fc0fb8726c826eb4593ecf261bf9422b6e
Red Hat Security Advisory 2020-1916-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1916-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | 2be2385deefcc0b08adfe931f7bf3c65ce9469409f1802efaccb32bf26ede123
Red Hat Security Advisory 2020-0850-01
Posted Mar 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0850-01 - An update for python-pip is now available for Red Hat Enterprise Linux 7. CRLF injection and credential exposure issues were addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | c1674723bf5c16e5a05432dc3f9d31be0db0dce59a812facdd8e98956fcd15bf
Red Hat Security Advisory 2019-3590-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3590-01 - The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. A CRLF injection issue was addressed.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2019-11236, CVE-2019-11324
SHA-256 | 40e3c9b62bb398f9c2640c160f9ed75990743d656b708606a88247242d5555d0
Red Hat Security Advisory 2019-3335-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3335-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Issues addressed include bypass and code execution vulnerabilities.

tags | advisory, vulnerability, code execution, python
systems | linux, redhat
advisories | CVE-2019-11236, CVE-2019-11324, CVE-2019-6446, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
SHA-256 | d69b5430e2258157becca225b221e9e2e5f121f9a5cc57019e4805a9f9f7060b
Ubuntu Security Notice USN-3990-1
Posted May 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | e9666cdd7eef3aca2bd5ffd29ff63c88a8467a370952dab56c248b7ca926192c
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close