770 matches found
CLSA-2022-1647958678 Fixed CVE-2021-3737 in python
CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...
redhat-support-lib-python and redhat-support-tool bug fix and enhancement update
An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The redhat-support-tool utility...
billots (=0.1.1), bitdust (=0.0.2) +36 more potentially affected by unknown CVE via twisted (>=16.0.0 <=18.9.0)
twisted PYPI version =16.0.0, =0.1.0, =18.4.0, =0.14.2, =0.0.3, =2019.5.0, =1.0.0, =1.4.3, =0.1.0, =0.3.4, =0.7.8, =0.8.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-32GV-6CF3-WCMQ...
OPENSUSE-SU-2022:0802-1 Security update for python-libxml2-python
This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes bsc1196490...
OESA-2022-1562 python-py security update
Library with cross-python path, ini-parsing, io, code, log facilities. Security Fixes: A denial of service via regular expression in the py.path.svnwc component of py aka python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious inp...
b2-sdk-python security vulnerability
b2-sdk-python is a Python library for accessing B2 cloud storage. A security vulnerability exists in b2-sdk-python: under certain circumstances, a local attacker can exploit it via a time-of-check to time-of-use (TOCTOU) race condition...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4815 more potentially affected by CVE-2022-23557 via tensorflow (>=1.0.1 <=2.5.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23557 Source advisory: OSV:GHSA-GF2J-F278-XH4V...
CVE-2022-21712
A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these cross-origin redirects and leak the cookie and authorization headers...
ayugespidertools (>=3.4.1 <=3.9.5), baotool (=1.0.1) +129 more potentially affected by CVE-2022-21712 via twisted (>=16.0.0 <=22.10.0)
twisted PYPI version =16.0.0, =3.4.1, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =0.1.0.dev2, =0.3.4, =0.1.0, =18.4.0, =1.1.2.post3, =1.2.0.post1 and more Source cves: CVE-2022-21712 Source advisory: OSV:PYSEC-2022-27...
USN-5215-1 nltk vulnerability
Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a denial of service...
cognitivefactory-interactive-clustering (>=0.2.1 <=0.3.0), cpraa (>=0.3.0 <=0.6.0) +18 more potentially affected by CVE-2021-41500 via cvxopt (>=1.1.8 <=1.2.6)
cvxopt PYPI version =1.1.8, =0.2.1, =0.3.0, =0.1.0, =0.2.0, =0.1.7, =1.0.1a13, =0.2.0, =1.0.2, =3.0.0.dev3, =0.0.1, =0.1.0, =0.2.2 and more Source cves: CVE-2021-41500 Source advisory: OSV:GHSA-8RH6-H94M-VJ54...
aimmo (>=0.61.9 <=1.3.3b690), ambition-edc (>=0.3.68 <=0.3.72) +71 more potentially affected by CVE-2021-45115 via django (>=2.2.0 <=2.2.25)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-45115 Source advisory: OSV:PYSEC-2022-1...
PYSEC-2022-5
nltk is vulnerable to Inefficient Regular Expression Complexity...
GHSA-Q34H-97WF-8R8J vault-cli contains possible RCE when reading user-defined data
Impact What kind of vulnerability is it? Who is impacted? vault-cli features the ability for rendering templated values as explained in the documentation. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a...
vault-cli contains possible RCE when reading user-defined data
Impact What kind of vulnerability is it? Who is impacted? vault-cli features the ability for rendering templated values as explained in the documentation. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a...
CVE-2021-43837
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
PYSEC-2021-853
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
CVE-2021-43837 Template injection in vault-cli
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4785 more potentially affected by CVE-2021-41207 via tensorflow (>=1.0.1 <=2.4.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41207 Source advisory: OSV:PYSEC-2021-399...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4785 more potentially affected by CVE-2021-41212 via tensorflow (>=1.0.1 <=2.4.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41212 Source advisory: OSV:PYSEC-2021-404...