1622 matches found

OpenVAS
added 2021/12/30 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-2825)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.5 | EPSS 0.00579
Exploits: 2 | References: 2

Tenable Nessus
added 2021/12/29 12:0 a.m., 27 views

EulerOS Virtualization 3.0.2.0 : python (EulerOS-SA-2021-2825)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, wh...

CVSS 7.5 | AI score 7 | EPSS 0.00579
Exploits: 2 | References: 3

Tenable Nessus
added 2021/12/26 12:0 a.m., 38 views

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2021-2813)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00579
Exploits: 2 | References: 3

Tenable Nessus
added 2021/12/25 12:0 a.m., 76 views

SUSE SLES15 Security Update : python3 (SUSE-SU-2021:4015-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4015-2 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent...

CVSS 7.5 | AI score 7.1 | EPSS 0.00579
Exploits: 2 | References: 15

Tenable Nessus
added 2021/12/25 12:0 a.m., 52 views

EulerOS 2.0 SP8 : python2 (EulerOS-SA-2021-2812)

According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00579
Exploits: 2 | References: 3

OSV
added 2021/12/23 11:37 a.m., 4 views

SUSE-SU-2021:4015-2 Security update for python3

This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new...

CVSS 7.5 | AI score 6.4 | EPSS 0.00579
Exploits: 2 | References: 12

Tenable Nessus
added 2021/12/18 12:0 a.m., 49 views

Ubuntu 18.04 LTS : Python vulnerabilities (USN-5200-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5200-1 advisory. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially craft...

CVSS 7.5 | AI score 7.1 | EPSS 0.02728
Exploits: 3 | References: 4

OSV
added 2021/12/17 3:10 p.m., 5 views

USN-5201-1 python3.8, python3.9 vulnerabilities

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client...

CVSS 7.5 | AI score 6.9 | EPSS 0.00119
Exploits: 1 | References: 2

OSV
added 2021/12/17 2:53 p.m., 0 views

USN-5199-1 python3.6 vulnerabilities

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It w...

CVSS 7.5 | AI score 6.7 | EPSS 0.00579
Exploits: 2 | References: 3

Ubuntu
added 2021/12/17 2:53 p.m., 87 views

USN-5199-1: Python vulnerabilities

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It w...

CVSS 7.5 | AI score 7 | EPSS 0.00579
Exploits: 2

Tenable Nessus
added 2021/12/17 12:0 a.m., 43 views

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:4104-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4104-1 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user...

CVSS 7.5 | AI score 7.1 | EPSS 0.00579
Exploits: 2 | References: 14

Tenable Nessus
added 2021/12/17 12:0 a.m., 44 views

openSUSE 15 Security Update : python3 (openSUSE-SU-2021:4104-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4104-1 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to...

CVSS 7.5 | AI score 7 | EPSS 0.00579
Exploits: 2 | References: 14

Tenable Nessus
added 2021/12/14 12:0 a.m., 39 views

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:4015-1)

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4015-1 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user...

CVSS 7.5 | AI score 7.1 | EPSS 0.00579
Exploits: 2 | References: 15

0day.today
added 2021/12/06 12:0 a.m., 359 views

Auerswald COMpact 8.0B - Privilege Escalation Vulnerability

Exploit Title: Auerswald COMpact 8.0B - Privilege Escalation Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Privilege Escalation RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged...

CVSS 8.8 | AI score 1.8 | EPSS 0.01393
Exploits: 4

Tenable Nessus
added 2021/11/12 12:0 a.m., 45 views

Oracle Linux 8 : python38:3.8 (ELSA-2021-1879)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1879 advisory. - Security fix for CVE-2021-3177 Resolves: rhbz#1919161 - Security fix for CVE-2020-26116 python-requests Tenable has extracted the preceding descriptio...

CVSS 9.8 | AI score 7.4 | EPSS 0.01246
Exploits: 3 | References: 4

Tenable Nessus
added 2021/11/11 12:0 a.m., 42 views

EulerOS 2.0 SP5 : python (EulerOS-SA-2021-2669)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web...

CVSS 7.5 | AI score 7.1 | EPSS 0.00579
Exploits: 2 | References: 3

Tenable Nessus
added 2021/11/11 12:0 a.m., 79 views

RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2021:4160)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4160 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.8 | AI score 7.1 | EPSS 0.02048
Exploits: 6 | References: 18

Tenable Nessus
added 2021/11/11 12:0 a.m., 65 views

CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4160 advisory. - python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957) - python-ipaddress: Improper input validation ...

CVSS 9.8 | AI score 7 | EPSS 0.02048
Exploits: 6 | References: 8

RedHat Linux
added 2021/11/09 6:32 p.m., 2 views

python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 6.9 | EPSS 0.00119
Exploits: 1 | References: 4

AlmaLinux
added 2021/11/09 8:26 a.m., 71 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.8 | AI score 7.3 | EPSS 0.02048
Exploits: 6 | References: 8