No Image

USN-5204-1: Django vulnerabilities

2022-01-05 KENNETH 0

USN-5204-1: Django vulnerabilities Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2021-45115) Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-45116) Dennis Brinkrolf discovered that Django incorrectly handled certain file names. A remote attacker could possibly use this issue to save files to arbitrary filesystem locations. (CVE-2021-45452) Source: USN-5204-1: Django vulnerabilities

No Image

USN-5186-2: Firefox regressions

2021-12-21 KENNETH 0

USN-5186-2: Firefox regressions USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546) A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn’t be uninstalled with the extension. (CVE-2021-43540) Source: USN-5186-2: Firefox regressions

No Image

USN-5203-1: Apache Log4j 2 vulnerability

2021-12-20 KENNETH 0

USN-5203-1: Apache Log4j 2 vulnerability Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Source: USN-5203-1: Apache Log4j 2 vulnerability

No Image

USN-5201-1: Python vulnerabilities

2021-12-18 KENNETH 0

USN-5201-1: Python vulnerabilities It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (Dos) condition for a client. Source: USN-5201-1: Python vulnerabilities

No Image

USN-5200-1: Python vulnerabilities

2021-12-17 KENNETH 0

USN-5200-1: Python vulnerabilities It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2020-8492) It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737) Source: USN-5200-1: Python vulnerabilities