663 matches found
CBL Mariner 2.0 Security Update: python3 / tensorflow (CVE-2024-8088)
The version of python3 / tensorflow installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8088 advisory. - There is a HIGH severity vulnerability affecting the CPython zipfile module affecting...
AlmaLinux 8 : python3.11 (ALSA-2024:6962)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6962 advisory. python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032); cpython: python: email module doesn't properly quote newlines in email headers, allowing...
Fedora: Security Advisory (FEDORA-2024-6dedbc5cf9)
The remote host is missing an update for the...
AIX is affected by a denial of service (CVE-2024-0397) and information disclosure (CVE-2024-4032 CVE-2024-37891) due to Python
IBM SECURITY ADVISORY. First Issued: Tue Sep 17 16:13:13 CDT 2024. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory12.asc Security Bulletin: AIX is affected by a denial of service (CVE-2024-0397) and information disclosure...
python3.12 security update
An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python 3.12 is an accessible, high-level, dynamically typed, interpreted...
ROS-20240917-08
A vulnerability in the classes ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network of the ipaddress module of the Python programming language interpreter CPython is related to incorrect IP address range validation. Exploitation of the vulnerability could...
BIT-PYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CBL Mariner 2.0 Security Update: python3 / tensorflow (CVE-2024-7592)
The version of python3 / tensorflow installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7592 advisory. - There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standa...
ROS-20240905-02
A vulnerability in the Python programming language interpreter CPython is related to incorrectly enclosing newline characters in quotation marks for email headers when serializing a message. Exploitation of the vulnerability could allow an...
ROS-20240904-07
A vulnerability in the Python programming language interpreter CPython is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Moderate: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...
AZL-48585 CVE-2024-6232 affecting package python3 for versions less than 3.9.19-5
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...
AZL-48552 CVE-2024-6232 affecting package python3 for versions less than 3.12.3-4
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...
CVE-2024-6232
CVE-2024-6232 affects CPython: tarfile.TarFile header parsing RegEx backtracking causes a ReDoS, with a base score of 7.5 (HIGH). Attack vector is NETWORK and requires no privileges or user interaction. Impact is listed as Availability impact being HIGH; Confidentiality/Integrity are NONE. The is...
PSF-2024-11
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...