
634 matches found

IBM Security Bulletins
added 2023/01/24 10:51 a.m. | 58 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2020-10735)

Summary IBM Security SOAR uses an older version of Python that may be identified and exploited. An update has been released which addresses these issues. Upgrading to Version 47.2 or later of IBM Security SOAR is recommended. Vulnerability Details CVEID: CVE-2020-10735 DESCRIPTION: Python is...

7.5 CVSS | 7.6 AI score | 0.03072 EPSS
Exploits: 0 | Affected Software: 1

Trellix
added 2023/01/23 12:0 a.m. | 31 views

Trellix Advanced Research Center patches 61,000 vulnerable open-source projects

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...

9.8 CVSS | 7.4 AI score | 0.27095 EPSS
Exploits: 3

Amazon
added 2023/01/20 12:0 a.m. | 112 views

Important: python3

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

7.5 CVSS | 8 AI score | 0.02453 EPSS
Exploits: 1

OSV
added 2022/12/08 5:10 p.m. | 1 view

USN-5767-2 python2.7, python3.5 vulnerability

USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive...

7.5 CVSS | 6.7 AI score | 0.02453 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2022/12/08 12:0 a.m. | 38 views

Ubuntu 16.04 ESM : Python vulnerability (USN-5767-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5767-2 advisory. USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...

7.5 CVSS | 7 AI score | 0.02453 EPSS
Exploits: 1 | References: 2

IBM Security Bulletins
added 2022/11/30 10:18 a.m. | 30 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, caused by an improper input validation by the urllib.parse module. By sending a specially-craft...

7.5 CVSS | 7.7 AI score | 0.08325 EPSS
Exploits: 1 | Affected Software: 1

Gitee
added 2022/11/23 1:42 p.m. | 3 views

chthonian

This is a Python-based local vulnerability scanning framework called Chthonian. It is designed to detect vulnerabilities in openKylin and uses a coroutine-based approach to increase detection speed. The framework has a fuzzing feature that can automatically discover vulnerabilities, detect securi...

6.7 AI score
Exploits: 0

Tenable Nessus
added 2022/11/23 12:0 a.m. | 71 views

Oracle Linux 8 : python39:3.9 (ELSA-2022-8492)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8492 advisory. - Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing...

7.8 CVSS | 7.6 AI score | 0.00603 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2022/11/18 12:26 p.m. | 37 views

Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)

Summary A publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-0391 Vulnerability Details CVEID: CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, caused by an improper input validation by the...

7.5 CVSS | 7.7 AI score | 0.08325 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2022/11/15 12:0 a.m. | 18 views

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2022:7592)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7592 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107 Tenable has extracted the preceding description block directly from the...

8 CVSS | 7.4 AI score | 0.06705 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2022/11/14 12:0 a.m. | 76 views

AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2022:7581)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7581 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107 Tenable has extracted the preceding description block directly from the...

8 CVSS | 7.4 AI score | 0.06705 EPSS
Exploits: 1 | References: 2

OSV
added 2022/11/09 7:15 a.m. | 1 view

UBUNTU-CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.5 CVSS | 6.8 AI score | 0.02453 EPSS
Exploits: 1 | References: 10

Vulnrichment
added 2022/11/09 12:0 a.m. | 4 views

CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.7 AI score | 0.02453 EPSS
Exploits: 1 | References: 34

Tenable Nessus
added 2022/11/03 12:0 a.m. | 29 views

Ubuntu 22.04 LTS : Python vulnerability (USN-5713-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5713-1 advisory. Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue...

7.8 CVSS | 7.9 AI score | 0.00603 EPSS
Exploits: 0 | References: 2

IBM AIX
added 2022/11/01 10:11 a.m. | 45 views

AIX is affected by arbitrary code execution and denial of service due to Python

IBM SECURITY ADVISORY First Issued: Tue Nov 1 10:11:15 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/pythonadvisory2.asc https://aix.software.ibm.com/aix/efixes/security/pythonadvisory2.asc...

8.1 CVSS | 9.1 AI score | 0.03072 EPSS
Exploits: 0

Tenable Nessus
added 2022/10/18 12:0 a.m. | 16 views

SUSE SLES15 Security Update : python (SUSE-SU-2022:3512-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3512-2 advisory. - DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at th...

7.4 CVSS | 7.2 AI score | 0.01892 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2022/10/16 12:0 a.m. | 4 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

5.3 CVSS | 7.5 AI score | 0.01546 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2022/09/22 12:0 a.m. | 40 views

Ubuntu 16.04 ESM : Python vulnerability (USN-5629-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5629-1 advisory. It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic. Tenable has...

7.4 CVSS | 7.4 AI score | 0.01892 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2022/09/02 12:0 a.m. | 3 views

PT-2022-4709

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description A flaw was found in Python related to errors in converting data types between int and str. This issue is associated with algorithms that have quadratic time complexity and use non-binary bases...

9.8 CVSS | 8.4 AI score | 0.78483 EPSS
Exploits: 56 | References: 630

Tenable Nessus
added 2022/09/01 12:0 a.m. | 80 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.17.1)

The version of AOS installed on the remote host is prior to 5.17.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.17.1 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat trea...

9.8 CVSS | 8.4 AI score | 0.9927 EPSS
Exploits: 135 | References: 165