
634 matches found

OSV
added 2025/01/20 3:6 p.m., 2 views

USN-7218-1 python3.10, python3.8 vulnerability

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3, AI score 6.7, EPSS 0.0067
Exploits: 0, References: 2
Ubuntu
added 2025/01/20 3:6 p.m., 159 views

USN-7218-1: Python vulnerability

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3, AI score 6.8, EPSS 0.0067
Exploits: 0
OSV
added 2025/01/17 3:9 p.m., 16 views

BIT-PYTHON-MIN-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is...

CVSS 9.8, AI score 9.4, EPSS 0.23293
Exploits: 1, References: 29
OSV
added 2025/01/17 3:8 p.m., 17 views

BIT-PYTHON-MIN-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5, AI score 7.8, EPSS 0.02453
Exploits: 1, References: 38
OSV
added 2025/01/16 1:53 p.m., 7 views

USN-7212-1 python2.7 vulnerabilities

It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain inputs. If a user or an automated system...

CVSS 7.5, AI score 6.7, EPSS 0.0549
Exploits: 1, References: 4
OSV
added 2025/01/16 7:23 a.m., 13 views

BIT-PYTHON-MIN-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

CVSS 5.9, AI score 7.7, EPSS 0.37325
Exploits: 1, References: 38
OSV
added 2025/01/16 7:22 a.m., 18 views

BIT-PYTHON-MIN-2022-48564

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...

CVSS 6.5, AI score 7.2, EPSS 0.01447
Exploits: 1, References: 4
OSV
added 2025/01/16 7:21 a.m., 7 views

BIT-PYTHON-MIN-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

CVSS 7.5, AI score 7.9, EPSS 0.20459
Exploits: 3, References: 30
vulnersOsv
added 2025/01/14 4:0 p.m., 5 views

rasa-contrib (>=0.2.0 <=0.3.1) potentially affected by CVE-2024-49375 via rasa (=3.6.20)

rasa PYPI version =3.6.20 is affected by a known vulnerability. The following packages have a transitive dependency on rasa and may be impacted: rasa-contrib (>=0.2.0, <=0.3.1). Source cves: CVE-2024-49375. Source advisory: SNYK:PYTHON-RASA-8623604...

CVSS 9, AI score 5.8, EPSS 0.00895
Exploits: 0
IBM Security Bulletins
added 2025/01/11 3:28 p.m., 14 views

Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation which may allow an attacker to launch additional attacks on the system (IBM X-Force ID: 273241)

Summary: A vulnerability in Python affects IBM Robotic Process Automation which may allow an attacker to launch additional attacks on the system. This bulletin identifies the fix to address this vulnerability. Vulnerability Details: IBM X-Force ID: 273241. DESCRIPTION: GitLab Runner could provide...

AI score 6.7
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/12/18 12:0 a.m., 11 views

RHEL 8 : python36:3.6 (RHSA-2024:11094)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11094 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 8.4, AI score 7.8, EPSS 0.01526
Exploits: 1, References: 4
Tenable Nessus
added 2024/12/18 12:0 a.m., 11 views

RHEL 8 : python36:3.6 (RHSA-2024:11091)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11091 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 8.4, AI score 7.8, EPSS 0.01526
Exploits: 1, References: 4
OpenVAS
added 2024/12/13 12:0 a.m., 18 views

Python DoS Vulnerability (Dec 2024) - Linux

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

CVSS 8.7, AI score 7.5, EPSS 0.01844
Exploits: 0, References: 6
Tenable Nessus
added 2024/12/13 12:0 a.m., 6 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2024:4291-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4291-1 advisory. - CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines (bsc#1234290) Other...

CVSS 8.7, AI score 7.9, EPSS 0.01844
Exploits: 0, References: 5
Tenable Nessus
added 2024/12/12 12:0 a.m., 14 views

RHEL 8 : python3.11 (RHSA-2024:10979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10979 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 7.8, AI score 7, EPSS 0.00647
Exploits: 0, References: 5
Tenable Nessus
added 2024/12/12 12:0 a.m., 14 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2024:4151-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4151-1 advisory. - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Add ipaddress module from...

CVSS 6.3, AI score 6.6, EPSS 0.0067
Exploits: 0, References: 6
Tenable Nessus
added 2024/12/12 12:0 a.m., 11 views

SUSE SLES12 Security Update : python (SUSE-SU-2024:4165-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4165-1 advisory. - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Add ipaddress module from...

CVSS 6.3, AI score 6.6, EPSS 0.0067
Exploits: 0, References: 6
Tenable Nessus
added 2024/12/12 12:0 a.m., 7 views

Fedora 41 : python3.9 (2024-47e4624c89)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-47e4624c89 advisory. Python 3.9.21 security release. Security content in this release: - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to...

CVSS 7.8, AI score 7, EPSS 0.00647
Exploits: 0, References: 2
Tenable Nessus
added 2024/12/11 12:0 a.m., 14 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-770)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-770 advisory. There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted...

CVSS 7.5, AI score 6.9, EPSS 0.02203
Exploits: 2, References: 4
Tenable Nessus
added 2024/12/11 12:0 a.m., 8 views

RHEL 8 : python36:3.6 (RHSA-2024:10953)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10953 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 8.4, AI score 7.8, EPSS 0.01526
Exploits: 1, References: 4