Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-1091-1.NASL
HistoryApr 04, 2022 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2022:1091-1)

2022-04-0400:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1091-1 advisory.

  • A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. (CVE-2021-3572)

  • A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. (CVE-2021-4189)

  • A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\r’ and ’ ’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:1091-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159475);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");

  script_cve_id("CVE-2021-3572", "CVE-2021-4189", "CVE-2022-0391");
  script_xref(name:"SuSE", value:"SUSE-SU-2022:1091-1");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2022:1091-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by
multiple vulnerabilities as referenced in the SUSE-SU-2022:1091-1 advisory.

  - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote
    attacker could possibly use this issue to install a different revision on a repository. The highest threat
    from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. (CVE-2021-3572)

  - A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV
    (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This
    flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back
    to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which
    otherwise would not have been possible. (CVE-2021-4189)

  - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform
    Resource Locator (URL) strings into components. The issue involves how the urlparse method does not
    sanitize input and allows characters like '\r' and '
' in the URL path. This flaw allows an attacker to
    input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1,
    3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1175619");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186819");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194146");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195396");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3572");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-4189");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0391");
  # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010619.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4dce4895");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0391");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7-1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP3", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP3", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2/3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP3", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'libpython2_7-1_0-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'libpython2_7-1_0-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-base-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-base-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-curses-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-curses-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-devel-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-devel-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-gdbm-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-gdbm-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-tk-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-tk-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-xml-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python-xml-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'libpython2_7-1_0-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'libpython2_7-1_0-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-base-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-base-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-curses-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-curses-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-devel-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-devel-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-gdbm-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-gdbm-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-tk-2.7.18-150000.38.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-tk-2.7.18-150000.38.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-xml-2.7.18-150000.38.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python-xml-2.7.18-150000.38.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-python2-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'libpython2_7-1_0-2.7.18-150000.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},
    {'reference':'python-2.7.18-150000.38.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},
    {'reference':'python-base-2.7.18-150000.38.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},
    {'reference':'python-tk-2.7.18-150000.38.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},
    {'reference':'python-xml-2.7.18-150000.38.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-python3-release-15.4']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpython2_7-1_0 / python / python-base / python-curses / etc');
}
VendorProductVersionCPE
novellsuse_linuxlibpython2_7-1_0p-cpe:/a:novell:suse_linux:libpython2_7-1_0
novellsuse_linuxpythonp-cpe:/a:novell:suse_linux:python
novellsuse_linuxpython-basep-cpe:/a:novell:suse_linux:python-base
novellsuse_linuxpython-cursesp-cpe:/a:novell:suse_linux:python-curses
novellsuse_linuxpython-develp-cpe:/a:novell:suse_linux:python-devel
novellsuse_linuxpython-gdbmp-cpe:/a:novell:suse_linux:python-gdbm
novellsuse_linuxpython-tkp-cpe:/a:novell:suse_linux:python-tk
novellsuse_linuxpython-xmlp-cpe:/a:novell:suse_linux:python-xml
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

nessus 58
suse 6
openvas 54
redos 2
fedora 3
osv 19
ubuntu 4
mageia 1
cloudfoundry 1
redhat 4
almalinux 3
rocky 1
veracode 3
prion 3
cbl_mariner 3
ubuntucve 3
cve 3
oraclelinux 6
debiancve 3
redhatcve 3
ibm 9
cloudlinux 1
githubexploit 2
github 1
amazon 2
debian 1
nessus
nessus
openSUSE 15 Security Update : python (openSUSE-SU-2022:1091-1)
2022-04-04 00:00:00
EulerOS 2.0 SP8 : python2 (EulerOS-SA-2022-1581)
2022-04-25 00:00:00
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2022-1582)
2022-04-25 00:00:00
suse
suse
Security update for python (moderate)
2022-04-01 00:00:00
Security update for python39-pip (moderate)
2022-01-12 00:00:00
Security update for python-pip (moderate)
2021-12-13 00:00:00
openvas
openvas
openSUSE: Security Advisory for python (openSUSE-SU-2022:1091-1)
2022-04-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1091-1)
2022-04-04 00:00:00
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2022-1581)
2022-04-25 00:00:00
redos
redos
ROS-20220407-03
2022-04-07 00:00:00
ROS-20230619-05
2023-06-19 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: python2.7-2.7.18-20.fc35
2022-02-24 23:09:24
[SECURITY] Fedora 34 Update: python2.7-2.7.18-20.fc34
2022-02-24 23:27:18
[SECURITY] Fedora 34 Update: mingw-python3-3.9.4-4.fc34
2022-02-06 02:02:39
osv
osv
python2.7 vulnerabilities
2022-08-24 08:56:59
python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities
2022-03-28 09:39:26
python3.7 vulnerability
2022-05-23 08:53:04
ubuntu
ubuntu
Python vulnerabilities
2022-08-24 00:00:00
Python vulnerability
2022-05-23 00:00:00
Python vulnerabilities
2022-03-28 00:00:00
mageia
mageia
Updated python packages fix security vulnerability
2022-10-13 23:05:19
cloudfoundry
cloudfoundry
USN-5342-1: Python vulnerabilities | Cloud Foundry
2022-05-23 00:00:00
redhat
redhat
(RHSA-2022:1663) Moderate: python27-python and python27-python-pip security update
2022-05-02 07:48:36
(RHSA-2022:1821) Moderate: python27:2.7 security update
2022-05-10 08:02:50
(RHSA-2021:4455) Low: python-pip security update
2021-11-09 09:24:55
almalinux
almalinux
Moderate: python27:2.7 security update
2022-05-10 08:02:50
Low: python-pip security update
2021-11-09 09:24:55
Moderate: python3 security update
2022-09-13 00:00:00
rocky
rocky
python27:2.7 security update
2022-05-10 08:02:50
veracode
veracode
Injection Vulnerability
2022-02-08 08:36:16
Improper Input Validation
2021-11-11 04:14:11
Denial Of Service (DoS)
2022-01-05 04:25:08
prion
prion
Design/Logic Flaw
2022-02-09 23:15:00
Default credentials
2022-08-24 16:15:00
Design/Logic Flaw
2021-11-10 18:15:00
cbl_mariner
cbl_mariner
CVE-2022-0391 affecting package python2 2.7.18-14
2022-03-09 18:31:42
CVE-2022-0391 affecting package python3 3.7.10-7
2022-03-09 18:31:42
CVE-2021-3572 affecting package python-pip 19.2-1
2022-05-12 02:16:42
ubuntucve
ubuntucve
CVE-2022-0391
2022-02-09 00:00:00
CVE-2021-3572
2021-11-10 00:00:00
CVE-2021-4189
2021-12-31 00:00:00
cve
cve
CVE-2021-3572
2021-11-10 18:15:00
CVE-2022-0391
2022-02-09 23:15:00
CVE-2021-4189
2022-08-24 16:15:00
oraclelinux
oraclelinux
python-pip security update
2021-11-16 00:00:00
python27:2.7 security update
2022-05-17 00:00:00
python-pip security update
2023-05-23 00:00:00
debiancve
debiancve
CVE-2021-3572
2021-11-10 18:15:00
CVE-2022-0391
2022-02-09 23:15:00
CVE-2021-4189
2022-08-24 16:15:00
redhatcve
redhatcve
CVE-2022-0391
2022-01-27 18:43:26
CVE-2021-4189
2021-12-29 14:01:02
CVE-2021-3572
2021-06-01 00:42:50
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a possible sensitive information exposure in Python (CVE-2021-4189).
2023-01-12 21:59:00
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391)
2022-06-01 10:29:04
Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)
2022-08-09 05:52:22
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-0391
2022-03-07 15:12:37
githubexploit
githubexploit
Exploit for Vulnerability in Pypa Pip
2021-06-07 08:36:47
Exploit for Vulnerability in Pypa Pip
2022-05-18 10:08:35
github
github
Improper Input Validation in pip
2021-11-15 17:45:01
amazon
amazon
Medium: python27
2022-05-31 23:47:00
Medium: python
2022-05-31 23:50:00
debian
debian
[SECURITY] [DLA 2919-1] python2.7 security update
2022-02-12 18:54:50
JSON
Related for SUSE_SU-2022-1091-1.NASL
nessus58suse6openvas54redos2fedora3osv19ubuntu4mageia1cloudfoundry1redhat4almalinux3rocky1veracode3prion3cbl_mariner3ubuntucve3cve3oraclelinux6debiancve3redhatcve3ibm9cloudlinux1githubexploit2github1amazon2debian1