634 matches found
Python < 2.7.17, 3.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.9, 3.7.x < 3.7.3 Cookie domain check returns incorrect results (bpo-35121) - Linux
Python is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial of service in the victim's HTTP client. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...
Python < 2.7.13, 3.4.x < 3.4.7, 3.5.x < 3.5.3 Sweet32 attack (bpo-27850) - Linux
Python is prone to a SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; if(description)...
01os (>=0.0.3 <=0.0.14), 102218077-topsis (=0.0.1) +10127 more potentially affected by CVE-2019-5064 via opencv-python (>=3.4.10.35 <=4.1.2.30)
opencv-python PYPI version =3.4.10.35, =0.0.3, =0.0.1, =0.1.0, =0.0.2, =2.13.0, =0.1.0, =0.1.0, =0.10.0, =0.13.0 - a-cv-sift-detection =0.10.0 - a-cv2-calculate-difference =0.10.0 and more Source cves: CVE-2019-5064 Source advisory: OSV:GHSA-Q799-Q27X-VP7W...
01os (>=0.0.3 <=0.0.14), 102218077-topsis (=0.0.1) +10101 more potentially affected by CVE-2019-14493 via opencv-python (>=3.4.10.35 <=4.1.0.25)
opencv-python PYPI version =3.4.10.35, =0.0.3, =0.0.1, =0.1.0, =0.0.2, =2.13.0, =0.1.0, =0.1.0, =0.10.0, =0.13.0 - a-cv-sift-detection =0.10.0 - a-cv2-calculate-difference =0.10.0 and more Source cves: CVE-2019-14493 Source advisory: OSV:GHSA-3448-VRGH-85XR...
The vulnerability in aaugustin's websockets, a WebSocket protocol implementation for the Python programming language, arises from information leaks due to timing discrepancies. This allows attackers to gain access to confidential data.
The vulnerability in aaugustin's websockets, a WebSocket protocol implementation for the Python programming language, is related to an error that occurs when basic authentication using basic_auth_protocol_factory(credentials=...) is enabled. Exploiting this vulnerability can allow a remote attacker to gain access...
Quokka XML External Entity Injection Vulnerability
Quokka is a content management framework written in Python. quokka version 0.4.0 is vulnerable to XML external entity injection. A remote attacker can exploit this vulnerability to execute arbitrary code via the quokka/core/content/views.py component...
complaintclassify (=0.0.9) potentially affected by CVE-2021-37677 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-37677 Source advisory: OSV:PYSEC-2021-590...
The vulnerability in the pickle.c module of the Python programming language, related to integer overflow, allows attackers to cause a service failure.
The vulnerability in the pickle.c module of the Python programming language is related to a numerical overflow due to a large LONG_BINPUT value. This value is incorrectly handled when attempting to double the size of an object. Exploiting this vulnerability can allow a remote attacker to caus...
SUSE SLES11 Security Update : python (SUSE-SU-2020:14550-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14550-1 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...
SUSE SLES11 Security Update : python (SUSE-SU-2020:14306-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14306-1 advisory. - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...
SUSE SLES11 Security Update : python (SUSE-SU-2021:14198-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14198-1 advisory. - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses...
OPENSUSE-SU-2021:0851-1 Security update for python-py
This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a Python vulnerability
Summary: There is a vulnerability in Python used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVE, CVE-2021-3177, by upgrading Python to version 3.7.10. Vulnerability Details: Refer to the security bulletins listed in the...
Ubuntu 20.04 LTS : Python vulnerability (USN-4973-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4973-1 advisory. It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variet...
Vulnerabilities fixed in python3
Vulnerabilities have been fixed in python3. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights). -= Red Hat =- Red Hat has made updates available...
accuinsight (>=1.0.47 <=1.0.61), adapt-diagnostics (=1.2.0) +171 more potentially affected by CVE-2021-29587 via tensorflow (>=2.2.0 <=2.3.0)
tensorflow PYPI version =2.2.0, =1.0.47, =0.1.0, =0.10.0, =0.5.0, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29587 Source advisory: OSV:PYSEC-2021-224...
abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29581 via tensorflow (>=2.4.0 <=2.4.1)
tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29581 Source advisory: OSV:PYSEC-2021-218...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29562 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29562 Source advisory: OSV:PYSEC-2021-490...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29614 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-542...