Insecure python cgi documentation and tutorials are vulnerable to XSS.

Read Time:20 Second

Posted by Georgi Guninski on Mar 21

Is there low hanging fruit for the following observation?

The documentation of the python cgi module is vulnerable to XSS
(cross site scripting)

https://docs.python.org/3/library/cgi.html

“`
form = cgi.FieldStorage()
print(“<p>name:”, form[“name”].value)
print(“<p>addr:”, form[“addr”].value)
“`

First result on google for “tutorial python cgi”
is…

Read More

Re: Microsoft PlayReady security research

Read Time:27 Second

Posted by Adam Gowdiak on Mar 21

Hello,

I feel obliged to provide additional comments to this paragraph as I
start to believe that CANAL+ might not deserve sole blame here…

While Microsoft claims there is absolutely no bug at its end, I
personally start to perceive the company as the one that should be
also blamed to some extent.

Below, I am providing you with the reasons that has lead me to such a
conclusion.

For many months, no response from CANAL+ was taken at my end as…

Read More

xen-4.16.3-4.fc37

Read Time:18 Second

FEDORA-2023-da8315e641

Packages in this update:

xen-4.16.3-4.fc37

Update description:

3 security issues (#2180425)
x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]
x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333,
CVE-2022-42334]
x86: speculative vulnerability in 32bit SYSCALL path [XSA-429,
CVE-2022-42331]

Read More

xen-4.16.3-4.fc36

Read Time:18 Second

FEDORA-2023-04b5338dd0

Packages in this update:

xen-4.16.3-4.fc36

Update description:

3 security issues (#2180425)
x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]
x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333,
CVE-2022-42334]
x86: speculative vulnerability in 32bit SYSCALL path [XSA-429,
CVE-2022-42331]

Read More