UBUNTU-CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
GHSA-8495-4G3G-X7PR aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Summary The Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. Impact If a pure Python version of aiohttp is installed, i.e. without the usual C extensions, or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker m...
OESA-2024-2420 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Fedora 37 : python2.7 (2022-b8559307db)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b8559307db advisory. Automatic update for python2.7-2.7.18-20.fc37. Changelog Wed Feb 16 2022 Charalampos Stratakis - 2.7.18-20 - Security fixes for CVE-2021-4189 and...
Oracle Linux 8 : python3.11 (ELSA-2024-8838)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8838 advisory. 3.11.10-1.0.1 - Update rpm-macros description Orabug: 36024572 3.11.10-1 - Update to 3.11.10 Resolves: RHEL-57400 Tenable has extracted the preceding descriptio...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
RHSA-2024:4058 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
CLSA-2024-1726059010 python3.9: Fix of CVE-2024-6923
CVE-2024-6923: properly quote newlines for email headers to prevent header injection...
PT-2024-7641 · Python +2 · Python +2
Name of the Vulnerable Software and Affected Versions: pyload-ng version 0.5.0b3.dev85 pyload running under python3.11 or below Description: The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially...
AZL-47860 CVE-2024-7592 affecting package python3 for versions less than 3.9.19-4
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
Medium: python3.9
Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the Python Cryptographic Authority package
Summary The Python cryptography package which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130...
PT-2024-23853 · Unknown · Parisneo/Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms version 5.9.0 Description: A remote code execution issue exists in the create conda env function due to the use of shell=True in the subprocess.Popen function. This allows an attacker to inject arbitrary commands by manipulati...
LoLLMs Code Injection Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A code injection vulnerability exists in LoLLMs version 5.9.0, which stems from the presence of a remote code execution vulnerability that allows an attacker to inject arbitrary commands via th...
Important: python3.11
Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can r...
PT-2024-7267 · Python +1 · Python +1
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.13 Description: The issue is related to the tempfile.mkdtemp function in Python, which on Windows, may not always set the correct permissions for the temporary directory, allowing other users to read and write to it...
Medium: python3.11
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
PT-2024-23581 · Unknown +1 · Ros Python Version +1
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 versions 2 through 2, ROS PYTHON VERSION 3 Description: An arbitrary file upload issue has been discovered, allowing attackers to execute arbitrary code, cause a denial of service DoS, and obtain sensitive...
PT-2024-23559 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions where ROS VERSION is 2 and ROS PYTHON VERSION is 3 Description: A Denial-of-Service DoS issue exists, allowing a malicious user to remotely crash ROS2 nodes, causing a denial of service. The flaw leads to unexpected...
PT-2024-23570 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions where ROS VERSION is 2 and ROS PYTHON VERSION is 3 Description: An unauthorized node injection issue allows remote attackers to escalate privileges. Recommendations: For ROS2 Galactic Geochelone versions wher...