634 matches found
CVE-2021-29921
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...
Security Bulletin: Vulnerability in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492)
Summary: A vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492). Vulnerability Details: CVEID: CVE-2020-8492. DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending ...
mc4ep-lavender (>=0.8.0 <=0.17.0), muses-lpdp (>=0.2.2 <=0.4.0rc1590080566) +2 more potentially affected by CVE-2021-30459 via django-debug-toolbar (>=2.1.0 <=2.2.0)
django-debug-toolbar PYPI version =2.1.0, =0.8.0, =0.2.2, =0.1.2, =0.1.6 Source cves: CVE-2021-30459 Source advisory: OSV:PYSEC-2021-10...
PT-2021-6846
Name of the Vulnerable Software and Affected Versions: Python, affected versions not specified. Description: The issue is related to the FTP client library in Python, specifically in PASV passive mode, where the library trusts the host from the PASV response by default. This allows an attacker to set...
USN-4754-4: Python 2.7 vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-26116
Summary: IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-26116. Vulnerability Details: CVEID: CVE-2020-26116. DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the...
USN-4754-4 python2.7 vulnerability
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled...
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-25659)
Summary: IBM Cloud Private is vulnerable to a Python vulnerability. Vulnerability Details: CVEID: CVE-2020-25659. DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the...
The vulnerability in the http.cookiejar.DefaultPolicy.domain_return_ok() function of the Python programming language allows a hacker to gain unauthorized access to protected information.
The vulnerability of the http.cookiejar.DefaultPolicy.domain_return_ok function in the Python programming language is related to improper domain validation. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
PT-2021-2441
Name of the Vulnerable Software and Affected Versions: Python versions 3.x through 3.9.1. Description: The issue is related to a buffer overflow in the PyCArg_repr function in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbe...
SUSE-SU-2020:3765-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url (bsc#1176262, CVE-2019-20916)...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26257 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26257 Source advisory: OSV:PYSEC-2020-236...
OPENSUSE-SU-2020:2211-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url (bsc#1176262, CVE-2019-20916). This update was imported from the SUSE:SLE-15:Update update project...
OPENSUSE-SU-2020:2189-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url (bsc#1176262, CVE-2019-20916). This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2020:3597-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url (bsc#1176262, CVE-2019-20916)...
Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft Windows File Systems agent (CVE-2020-15801)
Summary: There is a vulnerability in Python that could allow a local attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent. Vulnerability Details: CVEID: CVE-2020-15801. DESCRIPTION: Python could allow a...
USN-4581-1: Python vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04, Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. CVEs...
python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
An uncontrolled resource consumption vulnerability was discovered in Python in the class AbstractBasicAuthHandler, due to the kind of regular expression used while handling an authentication request in the http_error_auth_reqed method. Client applications that use, directly or indirectly,...
USN-4552-2: Pam-python vulnerability
Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root...
python: CRLF injection via HTTP request method in httplib/http.client
A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat fr...