python: TLS handshake bypass
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication, such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...
SUSE-SU-2023:4001-1 Security update for python
This update for python fixes the following issues: - CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. bsc1214691 - CVE-2022-48565: Fixed an XXE in the plistlib module. bsc1214685...
SUSE-SU-2023:3943-1 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.5. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692. - CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath bsc1214693...
SUSE-SU-2023:3933-1 Security update for python
This update for python fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692...
abayestest (>=0.0.2 <=0.0.4), adeso (>=0.0.1 <=0.0.4) +123 more potentially affected by CVE-2023-4863 +1 more via pillow (=10.0.0)
pillow PYPI version =10.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on pillow and may be impacted: - abayestest =0.0.2, =0.0.1, =0.7.1, =0.3.4, =0.0.0, =4.4.0.46, =0.0.17, =23.28.1, =0.1.18, =1.0.0b0, =1.0.2, =0.6.15, =1.0.0, =0.0.1, =0.0.12 and...
OESA-2023-1639 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2023-1598 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
2vyper (=0.3.0), ape-vyper (>=0.7.1 <=0.8.3) +23 more potentially affected by CVE-2023-40015 via vyper (>=0.1.0b12 <=0.3.10)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =0.1.10 and more Source cves: CVE-2023-40015 Source advisory: OSV:PYSEC-2023-167...
CVE-2023-40217
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...
Python security vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python has a security vulnerability that stems from the fact that the use of a socket can cause information leakag...
SUSE-SU-2023:2639-1 Security update for python
This update for python fixes the following issues: - CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters bsc1208471...
python: urllib.parse url blocklisting bypass
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity...
matrix-synapse-testutils (>=1.65.0.0 <=1.67.0.0) potentially affected by CVE-2022-39374 via matrix-synapse (>=1.65.0 <=1.67.0)
matrix-synapse PYPI version =1.65.0, =1.65.0.0, =1.67.0.0 Source cves: CVE-2022-39374 Source advisory: OSV:PYSEC-2023-66...
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-32675 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-32675 Source advisory: OSV:PYSEC-2023-80...
12factor-configclasses (>=0.2.1 <=0.2.6), a2 (>=0.1.0 <=0.3.17) +1238 more potentially affected by CVE-2023-30798 via starlette (>=0.10.1 <=0.24.0)
starlette PYPI version =0.10.1, =0.2.1, =0.1.0, =0.1.10, =0.0.1, =1.0.0, =0.0.1, =1.0.2, =2022.0.0rc1, =0.1.0, =2.0.4, =0.0.1, =0.0.2 - adworld-render-worker =0.1.0 and more Source cves: CVE-2023-30798 Source advisory: OSV:PYSEC-2023-48...
Important: python27
Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...
SUSE-SU-2023:0724-1 Security update for python
This update for python fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names bsc1205244. The following...
Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Mac OS X
Python is prone to a remote code execution (RCE) vulnerability.
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.12) +109 more potentially affected by CVE-2023-24580 via django (>=3.2.0 <=3.2.17)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 - botbuilder-applicationinsights =4.14.3 and more Source cves: CVE-2023-24580 Source advisory: OSV:PYSEC-2023-13...
ae-django-utils (=0.3.1), apollo-sdk (>=0.2.0 <=0.2.11) +37 more potentially affected by CVE-2023-24580 via django (>=4.0.0 <=4.0.1)
django PYPI version =4.0.0, =0.2.0, =0.6.1, =22.0.0.dev12, =2.16.1, =0.1.5, =1.0.7, =0.9.0, =0.4.0, =0.4.2 and more Source cves: CVE-2023-24580 Source advisory: OSV:PYSEC-2023-13...