python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
An uncontrolled resource consumption vulnerability was discovered in Python in the class AbstractBasicAuthHandler, due to the kind of regular expression used while handling an authentication request in the http_error_auth_reqed method. Client applications that use, directly or indirectly,...
USN-4581-1: Python vulnerability
It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
PT-2020-16726
Name of the Vulnerable Software and Affected Versions: Python versions 3 through 3.9.0. Description: The issue arises from the Lib/test/multibytecodec_support.py CJK codec tests in Python, which call eval on content retrieved via HTTP. This poses a risk due to the potential for executing arbitrary...
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-14422)
Summary: IBM Cloud Private is vulnerable to a Python vulnerability. Vulnerability Details: CVEID: CVE-2020-14422. DESCRIPTION: Python is vulnerable to a denial of service, caused by improper computing of hash values in the IPv4Interface and IPv6Interface classes in Lib/ipaddress.py. By sending a...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), monk-cuda100 (=0.0.1) +9 more potentially affected by CVE-2020-15205 via tensorflow-gpu (>=2.0.0 <=2.0.1)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 - monk-keras-cuda102 =0.0....
Security Bulletin: Python vulnerability in IBM Tivoli Application Dependency Discovery Manager (CVE-2019-16935)
Summary: Vulnerabilities in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details: CVEID: CVE-2019-16935. DESCRIPTION: Python is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the python/Lib/DocXMLRPCServer.p...
CVE-2017-17522
...
CVE-2017-18207
...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. Among other things, the vulnerabilities allow an unauthenticated remote malicious person to cause a denial of service. Python has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Python has an unspecified vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.8.4, which stems from the program's failure to enforc...
Solaris 10 (sparc) : 143506-15
GNOME 2.6.0: Python patch. Date this patch was last updated by Sun : Jul/13/20 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(138422); script_version("1.1");...
CVE-2013-7489
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
Python Resource Management Error Vulnerability (CNVD-2020-52841)
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in the IPv4Interface and IPv6Interface of the Lib/ipaddress.py file in...
Arbitrary Code Execution
Python is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...
Denial Of Service (DoS)
Python is vulnerable to denial of service. Multiple integer underflow and overflow flaws were found in the Python snprintf wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption)...
svglib package for Python code issue vulnerability
The svglib package for Python is a Python library for reading and converting SVG files. A code issue vulnerability exists in the svglib package for Python 0.9.3 and earlier, which can be exploited by an attacker to conduct an XXE attack via a svg2rlg call...
LibreOffice Remote Code Execution (CVE-2019-9848)
A remote code execution vulnerability exists in LibreOffice. The vulnerability is due to the document event feature being permitted to execute LibreLogo scripts, which permits the execution of Python code. A remote attacker could exploit the vulnerability by enticing a user to open a specially...
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
DEBIAN-CVE-2019-9674
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2020-0002)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by a vulnerability: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...