43 matches found

Tenable Nessus
added 2022/02/11 12:00 a.m., 49 views

EulerOS Virtualization 3.0.6.0 : python3 (EulerOS-SA-2022-1052)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, w...

CVSS 7.5, AI score 7, EPSS 0.11586
Exploits: 2, References: 3

Tenable Nessus
added 2022/01/28 12:00 a.m., 40 views

EulerOS 2.0 SP9 : python3 (EulerOS-SA-2022-1033)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5, AI score 7.1, EPSS 0.11586
Exploits: 2, References: 3

Tenable Nessus
added 2021/12/29 12:00 a.m., 27 views

EulerOS Virtualization 3.0.2.0 : python (EulerOS-SA-2021-2825)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, wh...

CVSS 7.5, AI score 7, EPSS 0.11586
Exploits: 2, References: 3

Tenable Nessus
added 2021/12/26 12:00 a.m., 38 views

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2021-2813)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5, AI score 7.1, EPSS 0.11586
Exploits: 2, References: 3

Tenable Nessus
added 2021/12/25 12:00 a.m., 52 views

EulerOS 2.0 SP8 : python2 (EulerOS-SA-2021-2812)

According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5, AI score 7.1, EPSS 0.11586
Exploits: 2, References: 3

Tenable Nessus
added 2021/12/18 12:00 a.m., 49 views

Ubuntu 18.04 LTS : Python vulnerabilities (USN-5200-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5200-1 advisory. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially craft...

CVSS 7.5, AI score 7.1, EPSS 0.11586
Exploits: 3, References: 4

Tenable Nessus
added 2021/12/18 12:00 a.m., 43 views

Ubuntu 18.04 LTS : Python vulnerabilities (USN-5199-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5199-1 advisory. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially...

CVSS 7.5, AI score 7.1, EPSS 0.11586
Exploits: 2, References: 3

Tenable Nessus
added 2021/11/05 12:00 a.m., 39 views

Debian DLA-2808-1 : python3.5 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2808 advisory. There were a couple of vulnerabilities found in src:python3.5, the Python interpreter v3.5, and are as follows: CVE-2021-3733 The ReDoS-vulnerable regex has quadrat...

CVSS 7.5, AI score 7.1, EPSS 0.11586
Exploits: 2, References: 7

AlmaLinux
added 2021/11/02 7:48 a.m., 49 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 4, AI score 7.4, EPSS 0.04675
Exploits: 1, References: 1

Tenable Nessus
added 2021/11/02 12:00 a.m., 50 views

Oracle Linux 8 : python3 (ELSA-2021-4057)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4057 advisory. 3.6.8-39.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-39 - Security fix for CVE-2021-3733: Denial of service when identifying craft...

CVSS 6.5, AI score 7, EPSS 0.04675
Exploits: 1, References: 2

CNNVD
added 2021/09/17 12:00 a.m., 2 views

Python resource management error vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A resource management error vulnerability exists in the AbstractBasicAuthHandler class of python urllib, which ste...

CVSS 6.5, AI score 7, EPSS 0.04675
Exploits: 1, References: 43

UbuntuCve
added 2021/09/02 12:00 a.m., 48 views

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5, AI score 6.8, EPSS 0.04675
Exploits: 1, References: 12

RedhatCVE
added 2021/08/31 3:31 p.m., 83 views

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5, AI score 1.8, EPSS 0.04675
Exploits: 1, References: 7

OPENSUSE Linux
added 2020/12/26 12:00 a.m., 57 views

Security update for python3 (important)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2020:2333-1 Rating: important References: 1155094 1174091 1174571 1174701 1177211 1178009 1179193 1179630 Cross-References: CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-14422 CVE-2020-26116...

CVSS 9.8, AI score 8, EPSS 0.20743
Exploits: 4, References: 8

RedHat Linux
added 2020/11/04 1:25 a.m., 0 views

python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS

An uncontrolled resource consumption vulnerability was discovered in python in the class AbstractBasicAuthHandler, due to the kind of regular expression used while handling an authentication request in the http_error_auth_reqed method. Client applications that use, directly or indirectly,...

CVSS 7.1, AI score 6.8, EPSS 0.06617
Exploits: 1, References: 4

RedHat Linux
added 2020/09/29 8:36 p.m., 3 views

python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS

An uncontrolled resource consumption vulnerability was discovered in python in the class AbstractBasicAuthHandler, due to the kind of regular expression used while handling an authentication request in the http_error_auth_reqed method. Client applications that use, directly or indirectly,...

CVSS 7.1, AI score 6.8, EPSS 0.06617
Exploits: 1, References: 4

Veracode
added 2020/08/06 9:33 p.m., 41 views

Denial Of Service (DoS)

python is vulnerable to denial of service (DoS). The vulnerability exists because of the urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVSS 6.5, AI score 3.1, EPSS 0.06617
Exploits: 1, References: 22, Affected Software: 10

Tenable Nessus
added 2020/03/23 12:00 a.m., 27 views

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1296)

According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regula...

CVSS 7.1, AI score 7.2, EPSS 0.06617
Exploits: 1, References: 2

UbuntuCve
added 2020/01/30 7:15 p.m., 33 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVSS 7.1, AI score 6.8, EPSS 0.06617
Exploits: 1, References: 9

Prion
added 2020/01/30 7:15 p.m., 34 views

Code injection

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVSS 7.1, AI score 6.7, EPSS 0.06617
Exploits: 1, References: 16, Affected Software: 5