USN-5519-1: Python vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run sudo ua fix USN-5519-1 t...

USN-5342-2 python2.7 vulnerabilities

USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this iss...

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

Python 输入验证错误漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An input validation error vulnerability exists in Python 3.x series versions prior to 3.10, which stems from an op...

Intel Distribution for Python 代码问题漏洞

Intel Distribution for Python is a Python distribution from Intel Corporation optimized for Intel hardware. A security vulnerability exists in Intel Distribution for Python versions prior to 2022.0.3. An attacker exploited the vulnerability to escalate privileges...

USN-5519-1 python2.7, python3.10, python3.4, python3.5, python3.6, python3.8, python3.9 vulnerability

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2022:2344-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2344-1 advisory. - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the...

Simple-RAT 路径遍历漏洞

Simple-RAT is a Simple Remote Access Trojan written in Python by Sergei Personal Developers. A security vulnerability exists in versions of Simple-RAT prior to 2022-05-03, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...

SUSE-SU-2022:2344-1 Security update for python

This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module bsc1198511...

python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c

A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...

DR-Web-Engine 安全漏洞

DR-Web-Engine is built on python based on the lxml package and uses JSON as the query structure. A security vulnerability exists in DR-Web-Engine. An attacker could exploit the vulnerability to access sensitive user information and digital currency keys, as well as elevate privileges...

USN-5342-3: Python vulnerability

USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Original advisory details: David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...

USN-5342-3 python3.7 vulnerability

USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Original advisory details: David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...

Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)

Summary There is a vulnerability in Python open source used by IBM Cloud Private for scripting. The vulnerability could be exploited by an attacker to conduct SSRF or local file include attacks. This bulletin identifies the security fixes to apply to address the Python vulnerability CVE-2021-2992...

EulerOS 2.0 SP5 : python (EulerOS-SA-2022-1548)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into...

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...

Python urllib.parse Vulnerability (bpo-43882) - Mac OS X

Python is prone to a vulnerability urllib.parse. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

Python 注入漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python suffers from an injection vulnerability that allows an attacker to enter a crafted URL, resulting in an...

F5 Networks BIG-IP : Python vulnerability (K28622040)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K28622040 advisory. - urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it...

python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...