203 matches found

Fedora
added 2024/01/04 1:38 a.m. | 12 views

[SECURITY] Fedora 38 Update: python3.11-3.11.7-2.fc38

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 5.3 | AI score 5.4 | EPSS 0.00161
Exploits: 1

Tenable Nessus
added 2024/01/03 12:0 a.m. | 36 views

Fedora 38 : python3-docs / python3.11 (2023-0583eedde7)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-0583eedde7 advisory. Python 3.11.7. Security fix for CVE-2023-27043. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

CVSS 5.3 | AI score 7.1 | EPSS 0.00161
Exploits: 1 | References: 2

Fedora
added 2023/12/26 1:47 a.m. | 21 views

[SECURITY] Fedora 39 Update: python3.11-3.11.7-2.fc39

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

CVSS 5.3 | AI score 6.3 | EPSS 0.00161
Exploits: 1

OpenVAS
added 2023/12/26 12:0 a.m. | 18 views

Fedora: Security Advisory (FEDORA-2023-87771f4249)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 6.3 | EPSS 0.00161
Exploits: 1 | References: 4

Tenable Nessus
added 2023/12/11 12:0 a.m. | 50 views

Ubuntu 23.04 : Python vulnerability (USN-6547-1)

The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6547-1 advisory. It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks...

CVSS 7.5 | AI score 8.2 | EPSS 0.00334
Exploits: 0 | References: 2

Tenable Nessus
added 2023/11/16 12:0 a.m. | 29 views

Oracle Linux 9 : python3.11 (ELSA-2023-6494)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6494 advisory. - Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3045, RHEL-3269 - Fix symlink handling in the fix for CVE-2023-24329 Resolves:...

CVSS 9.8 | AI score 7.6 | EPSS 0.89361
Exploits: 6 | References: 3

RedHat Linux
added 2023/11/14 3:48 p.m. | 2 views

python: file path truncation at \0 characters

Python 3.11 os.path.normpath function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path...

CVSS 7.5 | AI score 7.2 | EPSS 0.00334
Exploits: 0 | References: 5

Tenable Nessus
added 2023/11/14 12:0 a.m. | 56 views

RHEL 8 : python3.11 (RHSA-2023:7024)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7024 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.8 | AI score 7.7 | EPSS 0.89361
Exploits: 3 | References: 9

Tenable Nessus
added 2023/11/07 12:0 a.m. | 23 views

Fedora 39 : python-pyramid (2023-70baf5e2fe)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70baf5e2fe advisory. - Update to 2.0.2 - Fixes CVE-2023-40587 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 5.3 | AI score 5.4 | EPSS 0.00435
Exploits: 0 | References: 2

Tenable Nessus
added 2023/11/07 12:0 a.m. | 29 views

RHEL 9 : python3.11 (RHSA-2023:6494)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6494 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.8 | AI score 7.8 | EPSS 0.89361
Exploits: 3 | References: 8

Tenable Nessus
added 2023/10/26 12:0 a.m. | 30 views

AlmaLinux 8 : python27:2.7 (ALSA-2023:5994)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5994 advisory. python: TLS handshake bypass CVE-2023-40217 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus h...

CVSS 5.3 | AI score 7 | EPSS 0.00581
Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/14 12:0 a.m. | 23 views

Oracle Linux 9 : python3.11 (ELSA-2023-5456)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5456 advisory. 3.11.2-2.2 - Security fix for CVE-2023-40217 Resolves: rhbz2235789 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 5.3 | AI score 7 | EPSS 0.00581
Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/13 12:0 a.m. | 21 views

Oracle Linux 8 : python3.11 (ELSA-2023-5463)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5463 advisory. 3.11.2-2.2 - Security fix for CVE-2023-40217 Resolves: rhbz2235789 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 5.3 | AI score 7 | EPSS 0.00581
Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/06 12:0 a.m. | 19 views

Rocky Linux 8 : python3.11 (RLSA-2023:5463)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5463 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTT...

CVSS 5.3 | AI score 7.1 | EPSS 0.00581
Exploits: 0 | References: 3

Tenable Nessus
added 2023/09/08 12:0 a.m. | 48 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2023-317)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-317 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client...

CVSS 7.5 | AI score 7.3 | EPSS 0.00581
Exploits: 0 | References: 6

Tenable Nessus
added 2023/09/05 12:0 a.m. | 22 views

Fedora 38 : python-pyramid (2023-b213d84a16)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b213d84a16 advisory. - Update to 2.0.2 - Fixes CVE-2023-40587 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 5.3 | AI score 5.4 | EPSS 0.00435
Exploits: 0 | References: 2

OpenVAS
added 2023/09/04 12:0 a.m. | 22 views

Python 3.11.x < 3.11.5, 3.12.0a1 < 3.12.0rc2 Security Bypass Vulnerability - Mac OS X

Python is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.00334
Exploits: 0 | References: 1

Tenable Nessus
added 2023/08/31 12:0 a.m. | 15 views

Rocky Linux 9 : python3.11 (RLSA-2023:3585)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3585 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...

CVSS 7.5 | AI score 7.4 | EPSS 0.01445
Exploits: 3 | References: 3

SUSE CVE
added 2023/08/29 2:9 a.m. | 1 views

SUSE CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

CVSS 6.7 | AI score 8.7 | EPSS 0.00334
Exploits: 0 | References: 6

NVD
added 2023/08/25 9:15 p.m. | 11 views

CVE-2023-40587

Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...

CVSS 5.3 | AI score 4.8 | EPSS 0.00435
Exploits: 0 | References: 6