Code injection

DISPUTED An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component. NOTE: this is disputed by the vendor because 1 neither 3.7 nor any other release is affected it is a bug in some 3.12 pre-releases; 2 there are no common scenari...

CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component. NOTE: this is disputed by the vendor because 1 neither 3.7 nor any other release is affected it is a bug in some 3.12 pre-releases; 2 there are no common scenarios in whi...

CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component. NOTE: this is disputed by the vendor because 1 neither 3.7 nor any other release is affected it is a bug in some 3.12 pre-releases; 2 there are no common scenarios in whi...

PSF-2023-7 Reference count issue in _asyncio._swap_current_task()

An issue in Python CPython 3.12.0b1 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component...

CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component. NOTE: this is disputed by the vendor because 1 neither 3.7 nor any other release is affected it is a bug in some 3.12 pre-releases; 2 there are no common scenarios in whi...

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

Heap overflow

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

CVE-2023-33595

CVE-2023-33595 affects CPython v3.12.0 alpha 7. The issue is a heap use-after-free in ascii_decode (Objects/unicodeobject.c). CVSS: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (local access, low attack complexity, user interaction required). Several sources (NVD and OSV family) corroborate the same flaw....

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

PSF-2023-3

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

Debian: Security Advisory (DLA-1189-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K01955184: Python smtplib library vulnerability CVE-2016-0772

Security Advisory Description The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the...

K77241314: Python vulnerability CVE-2013-7440

Security Advisory Description The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2013-7440 Impact There is no impact; ...

SUSE CVE-2014-3539

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

SUSE CVE-2016-0772

The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

SUSE CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

Oracle Linux 8 : python27:2.7 (ELSA-2022-7593)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7593 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...