Redhat » Enterprise Linux Workstation : Security Vulnerabilities, CVEs, Published In March 2019 (Directory traversal) CVSS score >= 4
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
Max CVSS
9.1
EPSS Score
0.46%
Published
2019-03-23
Updated
2022-06-30
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
Max CVSS
7.5
EPSS Score
0.16%
Published
2019-03-14
Updated
2023-02-12
2 vulnerabilities found