Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-4281-1.NASL
HistoryNov 30, 2022 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2022:4281-1)

2022-11-3000:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4281-1 advisory.

  • An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0.
    CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue.
    (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1;
    v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. (CVE-2019-18348)

  • A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)

  • Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)

  • The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
    This occurs in the sponge function interface. (CVE-2022-37454)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:4281-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(168289);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");

  script_cve_id(
    "CVE-2019-18348",
    "CVE-2020-8492",
    "CVE-2020-10735",
    "CVE-2022-37454"
  );
  script_xref(name:"IAVA", value:"2020-A-0103-S");
  script_xref(name:"SuSE", value:"SUSE-SU-2022:4281-1");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2022:4281-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by
multiple vulnerabilities as referenced in the SUSE-SU-2022:4281-1 advisory.

  - An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0.
    CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument
    to urllib.request.urlopen with \r
 (specifically in the host component of a URL) followed by an HTTP
    header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue.
    (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1;
    v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4,
    v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. (CVE-2019-18348)

  - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when
    using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for
    1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not
    affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)

  - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1
    allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client
    because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)

  - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer
    overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
    This occurs in the sponge function interface. (CVE-2022-37454)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188607");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203125");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204577");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-18348");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-10735");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-8492");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-37454");
  # https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4f4c1fbe");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18348");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-37454");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-idle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP3/4", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'libpython3_6m1_0-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'libpython3_6m1_0-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-base-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-base-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-curses-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-curses-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-dbm-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-dbm-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-devel-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-devel-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-idle-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-idle-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-tk-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-tk-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'python3-tools-3.6.15-150300.10.37.2', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python3-tools-3.6.15-150300.10.37.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libpython3_6m1_0-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'libpython3_6m1_0-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-base-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-base-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-curses-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-curses-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-dbm-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-dbm-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-devel-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-devel-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-idle-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-idle-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-tk-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-tk-3.6.15-150300.10.37.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
    {'reference':'python3-tools-3.6.15-150300.10.37.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
    {'reference':'python3-tools-3.6.15-150300.10.37.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpython3_6m1_0 / python3 / python3-base / python3-curses / etc');
}
VendorProductVersionCPE
novellsuse_linuxpython3-dbmp-cpe:/a:novell:suse_linux:python3-dbm
novellsuse_linuxpython3-develp-cpe:/a:novell:suse_linux:python3-devel
novellsuse_linuxpython3-idlep-cpe:/a:novell:suse_linux:python3-idle
novellsuse_linuxpython3-tkp-cpe:/a:novell:suse_linux:python3-tk
novellsuse_linuxpython3-toolsp-cpe:/a:novell:suse_linux:python3-tools
novellsuse_linux15cpe:/o:novell:suse_linux:15
novellsuse_linuxlibpython3_6m1_0p-cpe:/a:novell:suse_linux:libpython3_6m1_0
novellsuse_linuxpython3p-cpe:/a:novell:suse_linux:python3
novellsuse_linuxpython3-basep-cpe:/a:novell:suse_linux:python3-base
novellsuse_linuxpython3-cursesp-cpe:/a:novell:suse_linux:python3-curses

Related

nessus 72
prion 4
debiancve 5
alpinelinux 1
osv 11
ubuntucve 5
cve 5
openvas 32
amazon 12
veracode 4
redhatcve 4
ubuntu 5
fedora 7
cloudfoundry 1
freebsd 3
debian 4
ibm 8
redhat 5
oraclelinux 1
suse 1
f5 1
centos 2
cbl_mariner 2
photon 1
hackerone 1
checkpoint_advisories 1
github 1
nessus
nessus
Amazon Linux AMI : python27, python34, python35, python36 (ALAS-2020-1407)
2020-07-30 00:00:00
Amazon Linux AMI : python34 (ALAS-2020-1429)
2020-08-31 00:00:00
Amazon Linux AMI : python36 (ALAS-2020-1428)
2020-08-31 00:00:00
prion
prion
Path traversal
2019-10-23 17:15:00
Crlf injection
2019-03-23 18:29:00
Code injection
2019-01-21 19:29:00
debiancve
debiancve
CVE-2019-18348
2019-10-23 17:15:00
CVE-2019-9947
2019-03-23 18:29:00
CVE-2016-10739
2019-01-21 19:29:00
alpinelinux
alpinelinux
CVE-2019-18348
2019-10-23 17:15:00
osv
osv
CVE-2019-18348
2019-10-23 17:15:12
CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()
2019-10-23 16:31:22
CVE-2019-9947
2019-03-23 18:29:02
ubuntucve
ubuntucve
CVE-2019-18348
2019-10-23 00:00:00
CVE-2016-10739
2019-01-21 00:00:00
CVE-2019-9947
2019-03-23 00:00:00
cve
cve
CVE-2019-18348
2019-10-23 17:15:00
CVE-2019-9947
2019-03-23 18:29:00
CVE-2016-10739
2019-01-21 19:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4281-1)
2022-11-30 00:00:00
Ubuntu: Security Advisory (USN-4333-1)
2020-04-22 00:00:00
Fedora: Security Advisory for python36 (FEDORA-2020-8bdd3fd7a4)
2020-07-04 00:00:00
amazon
amazon
Medium: python34, python35
2020-08-27 02:29:00
Medium: python36
2020-08-27 02:25:00
Medium: python27
2020-05-22 20:58:00
veracode
veracode
CRLF Injection
2020-08-06 21:34:27
Authorization Bypass
2019-08-08 00:07:20
CRLF Injection
2019-05-27 00:40:17
redhatcve
redhatcve
CVE-2019-18348
2019-10-23 19:51:12
CVE-2019-9947
2020-04-09 10:53:01
CVE-2020-11078
2020-06-10 13:24:57
ubuntu
ubuntu
Python vulnerabilities
2020-04-21 00:00:00
Python vulnerabilities
2020-04-30 00:00:00
Python vulnerability
2023-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: python36-3.6.11-1.fc31
2020-07-10 01:02:15
[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32
2020-07-04 01:14:28
[SECURITY] Fedora 30 Update: python3-3.7.3-3.fc30
2019-05-17 01:08:18
cloudfoundry
cloudfoundry
USN-4333-1: Python vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
freebsd
freebsd
Python -- multiple vulnerabilities
2019-10-24 00:00:00
Python -- multiple vulnerabilities
2020-08-19 00:00:00
Python -- CRLF injection via the host part of the url passed to urlopen()
2019-10-24 00:00:00
debian
debian
[SECURITY] [DLA 1835-2] python3.4 regression update
2019-06-25 15:04:12
[SECURITY] [DLA 1835-1] python3.4 security update
2019-06-25 03:40:34
[SECURITY] [DLA 2280-1] python3.5 security update
2020-07-15 10:00:36
ibm
ibm
Security Bulletin: Vulnerabilities in python affects IBM Watson Studio Local
2019-12-20 21:38:39
Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948)
2019-12-20 08:47:33
Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2019-9948, CVE-2019-9947)
2020-02-28 16:52:51
redhat
redhat
(RHSA-2020:1462) Moderate: python security update
2020-04-14 14:34:05
(RHSA-2019:3520) Moderate: python3 security and bug fix update
2019-11-05 17:55:39
(RHSA-2019:3513) Moderate: glibc security, bug fix, and enhancement update
2019-11-05 17:54:26
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2019-11-21 00:00:00
suse
suse
Security update for glibc (moderate)
2019-04-20 00:00:00
f5
f5
K35040315 : glibc vulnerability CVE-2016-10739
2019-03-08 00:00:00
centos
centos
glibc, nscd security update
2019-08-30 02:53:51
python, tkinter security update
2019-08-30 04:00:52
cbl_mariner
cbl_mariner
CVE-2016-10739 affecting package glibc 2.28-24
2020-10-08 18:09:54
CVE-2019-18348 affecting package python3 3.7.9-2
2021-07-08 21:56:42
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0304
2020-06-26 00:00:00
hackerone
hackerone
Internet Bug Bounty: CRLF Injection in urllib
2019-05-25 10:16:29
checkpoint_advisories
checkpoint_advisories
Python Project urllib CRLF Injection (CVE-2019-9740)
2019-03-19 00:00:00
github
github
Buffer overflow in sponge queue functions
2023-04-26 17:39:58
JSON
Related for SUSE_SU-2022-4281-1.NASL
nessus72prion4debiancve5alpinelinux1osv11ubuntucve5cve5openvas32amazon12veracode4redhatcve4ubuntu5fedora7cloudfoundry1freebsd3debian4ibm8redhat5oraclelinux1suse1f51centos2cbl_mariner2photon1hackerone1checkpoint_advisories1github1