
634 matches found

RedHat Linux
added 2023/11/08 8:20 a.m. · 0 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...

CVSS 5.3 · AI score 6.8 · EPSS 0.0079
Exploits: 0 · References: 7

RedHat Linux
added 2023/11/08 8:20 a.m. · 1 view

python: CPU denial of service via inefficient IDNA decoder

A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...

CVSS 7.5 · AI score 6.9 · EPSS 0.02453
Exploits: 1 · References: 6

Positive Technologies
added 2023/11/07 12:00 a.m. · 4 views

PT-2023-7210 · IBM · IBM AIX

Name of the Vulnerable Software and Affected Versions: IBM AIX version 7.3. Description: The issue is related to the Python implementation in IBM AIX, which could allow a non-privileged local user to cause a denial of service due to insufficient input validation. A race condition in the SSLSocket...

CVSS 6.2 · AI score 6.8 · EPSS 0.00252
Exploits: 0 · References: 8

Tenable Nessus
added 2023/10/26 12:00 a.m. · 17 views

AlmaLinux 8 : python3 (ALSA-2023:5997)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...

CVSS 5.3 · AI score 7.1 · EPSS 0.0079
Exploits: 0 · References: 2

OSV
added 2023/10/17 8:15 p.m. · 6 views

AZL-59705 CVE-2023-45803 affecting package python3 for versions less than 3.9.19-14

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

CVSS 4.2 · AI score 6.3 · EPSS 0.00544
Exploits: 0 · References: 1

OSV
added 2023/10/17 11:27 a.m. · 3 views

USN-6394-2 python2.7 vulnerability

USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute...

CVSS 7.5 · AI score 7.1 · EPSS 0.0177
Exploits: 1 · References: 2

Tenable Nessus
added 2023/10/17 12:00 a.m. · 29 views

Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6394-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6394-2 advisory. USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

CVSS 7.5 · AI score 7.4 · EPSS 0.0177
Exploits: 1 · References: 2

Tenable Nessus
added 2023/10/17 12:00 a.m. · 22 views

Oracle Linux 9 : python3.9 (ELSA-2023-5462)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5462 advisory. 3.9.16-1.2 - Security fix for CVE-2023-40217. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVSS 5.3 · AI score 7 · EPSS 0.0079
Exploits: 0 · References: 2

Tenable Nessus
added 2023/10/16 12:00 a.m. · 19 views

Ubuntu 18.04 ESM : Python vulnerability (USN-5342-3)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5342-3 advisory. USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Tenable has extracted the...

CVSS 5.7 · AI score 7.3 · EPSS 0.01878
Exploits: 0 · References: 2

IBM Security Bulletins
added 2023/10/09 10:43 a.m. · 33 views

Security Bulletin: Vulnerability in Python affects IBM Process Mining. Multiple CVEs

Summary: There is a vulnerability in Python that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2022-48565...

CVSS 9.8 · AI score 8.2 · EPSS 0.04303
Exploits: 4 · Affected Software: 1

Tenable Nessus
added 2023/10/06 12:00 a.m. · 20 views

AlmaLinux 9 : python3.11 (ALSA-2023:5456)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5456 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...

CVSS 5.3 · AI score 7.1 · EPSS 0.0079
Exploits: 0 · References: 2

Cloud Foundry
added 2023/10/05 12:00 a.m. · 33 views

USN-6139-1: Python vulnerability | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blocklisting methods. This issue was first...

CVSS 7.5 · AI score 8 · EPSS 0.20459
Exploits: 3 · Affected Software: 3

Tenable Nessus
added 2023/09/28 12:00 a.m. · 24 views

SUSE SLES15 Security Update : python3 (SUSE-SU-2023:3804-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3804-1 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affect...

CVSS 5.3 · AI score 7.1 · EPSS 0.0079
Exploits: 0 · References: 4

Tenable Nessus
added 2023/09/27 12:00 a.m. · 31 views

Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6400-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6400-1 advisory. It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to...

CVSS 5.9 · AI score 7 · EPSS 0.01148
Exploits: 1 · References: 2

Amazon
added 2023/09/25 12:00 a.m. · 3 views

Important: python38

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

CVSS 5.3 · AI score 7 · EPSS 0.0079
Exploits: 0

OSV
added 2023/08/24 12:00 a.m. · 30 views

PSF-2023-5 XML External Entity issue in plistlib module

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

CVSS 9.8 · AI score 7.5 · EPSS 0.04303
Exploits: 3 · References: 2

ATTACKERKB
added 2023/08/22 7:16 p.m. · 1 view

CVE-2022-48560

A use-after-free exists in Python through 3.9 via heappushpop in heapq...

CVSS 7.5 · AI score 7.4 · EPSS 0.0177
Exploits: 1 · References: 9

OSV
added 2023/08/22 7:16 p.m. · 1 view

DEBIAN-CVE-2022-48560

A use-after-free exists in Python through 3.9 via heappushpop in heapq...

CVSS 7.5 · AI score 7.4 · EPSS 0.0177
Exploits: 1 · References: 1

CNNVD
added 2023/08/22 12:00 a.m. · 2 views

Python Resource Management Error Vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the fact that readints in plistlib.py is...

CVSS 6.5 · AI score 7.4 · EPSS 0.01447
Exploits: 1 · References: 7

CNNVD
added 2023/08/22 12:00 a.m. · 3 views

Python Code Issue Vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the presence of an XML external entity issue...

CVSS 9.8 · AI score 7.4 · EPSS 0.04303
Exploits: 3 · References: 12