634 matches found
RHEL 8 : python3 (RHSA-2024:7417)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:7417 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerability (USN-7015-3)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7015-3 advisory. USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for...
K000141253: Python vulnerability CVE-2024-22195
Security Advisory Description Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja...
SUSE CVE-2024-8947
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +347 more potentially affected by CVE-2024-5998 via langchain-community (>=0.0.1 <=0.2.1)
langchain-community PYPI version =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.0.18, =0.2.0, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.19.0, =0.30.0 and more Source cves: CVE-2024-5998 Source advisory: SNYK:PYTHON-LANGCHAINCOMMUNITY-11356595...
The vulnerability of the zipfile module in the Python programming language allows a hacker to trigger a service failure.
The vulnerability of the zipfile module in the Python programming language is related to a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause service failures...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...
AZL-48740 CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...
ALPINE-CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
AZL-48125 CVE-2024-8088 affecting package python3 for versions less than 3.12.3-4
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
Python Security Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python has a security vulnerability that stems from the parser's use of algorithms with quadratic complexity,...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to python ( CVE-2022-45061 )
Summary Python is used by IBM Cloud Pak for Data. CVE-2022-45061. Vulnerability Details CVEID:CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm that exists in one path when processing some inputs to the IDNA RFC 3490 decoder. By sendi...
CVE-2024-4897
parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...
Python Security Vulnerabilities
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9 and earlier versions, which stems from the use of NPN that can lead ...
openSUSE Security Advisory (SUSE-SU-2024:1639-1)
The remote host is missing an update for the...
python: use after free in heappushpop() of heapq module
A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack...
F5 Networks BIG-IP : Python vulnerability (K000139685)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139685 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11....
The vulnerability of the `pkcs12.serialize_key_and_certificates` function in the Python programming language’s cryptography package allows a malicious actor to cause a Python program to crash.
The vulnerability of the `pkcs12.serialize_key_and_certificates` function in the Python programming language’s cryptography package is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a crash in a Python process remotely...
Python Security Vulnerabilities
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and earlier versions, which...
USN-6513-2: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Pytho...