
663 matches found

Tenable Nessus
added 2022/11/15 12:0 a.m., 35 views

Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2022-7581)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7581 advisory. Cython 0.29.14-4 - Exclude unsupported i686 arch 0.29.14-3 - Unversioned binaries renamed 0.29.14-2 - Adjusted for Python 3.8 module in RHEL 8 - without emacs...

CVSS: 8, AI score: 7.3, EPSS: 0.06705
Exploits: 1, References: 2

Tenable Nessus
added 2022/11/15 12:0 a.m., 18 views

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2022:7592)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7592 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107. Tenable has extracted the preceding description block directly from the...

CVSS: 8, AI score: 7.4, EPSS: 0.06705
Exploits: 1, References: 2

Tenable Nessus
added 2022/11/14 12:0 a.m., 21 views

AlmaLinux 8 : python27:2.7 (ALSA-2022:7593)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7593 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107. Tenable has extracted the preceding description block directly from the...

CVSS: 8, AI score: 7.4, EPSS: 0.06705
Exploits: 1, References: 2

OSV
added 2022/10/31 5:1 p.m., 8 views

OPENSUSE-SU-2022:10183-1 Security update for pyenv

This update for pyenv fixes the following issues: Update to 2.3.5 - Add CPython 3.10.7 by @edgarrmondragon in 2454 - Docs: update Fish PATH update by @gregorias in 2449 - Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in 2456 - Update miniconda3-3.9-4.12.0 by @Tsuki in 2460 - Add CPyth...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00278
Exploits: 0, References: 3

OPENSUSE Linux
added 2022/10/31 12:0 a.m., 39 views

Security update for pyenv (moderate)

openSUSE Security Update: Security update for pyenv Announcement ID: openSUSE-SU-2022:10183-1 Rating: moderate References: 1201582 Cross-References: CVE-2022-35861 CVSS scores: CVE-2022-35861 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 A...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00278
Exploits: 0, References: 1

Tenable Nessus
added 2022/10/28 12:0 a.m., 29 views

EulerOS 2.0 SP3 : python (EulerOS-SA-2022-2632)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. Thi...

CVSS: 8, AI score: 7.5, EPSS: 0.06705
Exploits: 1, References: 2

OSV
added 2022/10/03 4:21 p.m., 24 views

PSF-2022-2 Buffer overflow vulnerability in os.symlink on Windows

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01107
Exploits: 1, References: 2

OpenVAS
added 2022/07/21 12:0 a.m., 21 views

Fedora: Security Advisory for golang-starlark (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.3, AI score: 8.9, EPSS: 0.05292
Exploits: 4, References: 2

OSV
added 2022/05/18 11:3 a.m., 2 views

OESA-2022-1653 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS: 8, AI score: 6.9, EPSS: 0.06705
Exploits: 1, References: 2

NVD
added 2022/04/13 4:15 p.m., 29 views

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS: 8, EPSS: 0.06705
Exploits: 1, References: 30

UbuntuCve
added 2022/04/13 4:15 p.m., 57 views

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS: 8, AI score: 6.8, EPSS: 0.06705
Exploits: 1, References: 8

Prion
added 2022/04/13 4:15 p.m., 80 views

Input validation

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS: 8, AI score: 9.4, EPSS: 0.06705
Exploits: 1, References: 29, Affected Software: 2

CVE
added 2022/04/13 12:0 a.m., 2921 views

CVE-2015-20107

The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...

CVSS: 8, AI score: 7.8, EPSS: 0.06705
Exploits: 1, References: 30, Affected Software: 1

OSV
added 2022/04/13 12:0 a.m., 28 views

PSF-2022-1 mailcap shell command injection

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS: 8, AI score: 7.9, EPSS: 0.06705
Exploits: 1, References: 1

Cvelist
added 2022/04/13 12:0 a.m., 48 views

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

AI score: 7.9, EPSS: 0.06705
Exploits: 1, References: 29

AlpineLinux
added 2022/04/13 12:0 a.m., 57 views

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS: 8, AI score: 8.1, EPSS: 0.06705
Exploits: 1

OSV
added 2022/03/04 12:0 a.m., 28 views

GHSA-VQP6-J452-J6WP Open Redirect in CPython that affects users of OpenStack Nova

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...

CVSS: 6.1, AI score: 6.1, EPSS: 0.27459
Exploits: 1, References: 10

Github Security Blog
added 2022/03/04 12:0 a.m., 29 views

Open Redirect in CPython that affects users of OpenStack Nova

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...

CVSS: 6.1, AI score: 6.4, EPSS: 0.27459
Exploits: 1, References: 10, Affected Software: 1

OSV
added 2022/02/25 12:0 a.m., 4 views

OSV-2021-1809 Heap-buffer-overflow in ujson.cpython-38-x86_64-linux-gnu.so

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44973 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ujson.cpython-38-x86_64-linux-gnu.so ujson.cpython-38-x86_64-linux-gnu.so ujson.cpython-38-x86_64-linux-gnu.so...

AI score: 5.8
Exploits: 0, References: 1

Huntr
added 2021/12/22 3:53 p.m., 8 views

Inefficient Regular Expression Complexity in python/cpython

Description In recent cpython version 31ff9671 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. Vulnerability exists in EntryPoint class which is used to parse package/module entry-points. Proof of Concept Simplified PoC based on init.py Python...

AI score: 1.4
Exploits: 0, References: 2