634 matches found
SUSE SLES12 Security Update : python3 (SUSE-SU-2024:0785-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0785-1 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primari...
CentOS 9 : python3.11-pip-22.3.1-4.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.11-pip-22.3.1-4.el9 build changelog. - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote...
SUSE SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2024:0595-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0595-1 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong...
SUSE SLES12 Security Update : python36 (SUSE-SU-2024:0436-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0436-1 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an...
CentOS 8 : python3 (CESA-2023:5997)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...
openSUSE 15 Security Update : python (SUSE-SU-2024:0329-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0329-1 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits; float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...
Rocky Linux 8 : python3 (RLSA-2024:0256)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0256 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
python: use after free in heappushpop() of heapq module
A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack...
PT-2024-19011
Name of the Vulnerable Software and Affected Versions: Hyperledger Aries Cloud Agent Python (ACA-Py) versions 0.7.0 through 0.10.4. Description: The issue arises when verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs). The result of verifying the presentation...
CentOS 7 : python3 (RHSA-2023:6823)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6823 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...
Ubuntu 23.04 : Python vulnerability (USN-6547-1)
The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6547-1 advisory. It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks...
AZL-35143 CVE-2023-6507 affecting package python3 for versions less than 3.12.3-1
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]), the logic regressed to not call setgroups(0, NULL) before...
PT-2023-9621
Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0. Description: The issue is related to errors in privilege management in the subprocess module of the CPython interpreter. When using the extra_groups= parameter with an empty list as a value, the logic regressed to not...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to python vulnerability (CVE-2022-40897)
Summary: Python is used by IBM Cloud Pak for Data as part of the Ansible operator for installation. Vulnerability Details: CVEID: CVE-2022-40897. DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending a request with a specially crafted regular...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details: CVEID: CVE-2023-40217. DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module. When the...
The vulnerability of the Python programming language implementation in the IBM AIX operating system allows a perpetrator to trigger a service failure.
The vulnerability of the Python programming language implementation in the IBM AIX operating system exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker sending invalid emails. (CVE-2023-27043).
Summary: There is a vulnerability in Python used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. An attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected. CVE-2020-23064. This bulletin identifies the security fixes ...
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).
Summary: There is a vulnerability in Python used by IBM Robotic Process Automation as part of Watson NLP and base container images which may result in a remote attacker bypassing security restrictions (CVE-2023-24329). Vulnerability Details: CVEID: CVE-2023-24329. DESCRIPTION: Python could allow a remo...
CVE-2023-45167
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965...