443 matches found
atila-vue (>=0.1.3 <=0.1.3.5), contrail (>=0.3.0 <=1.0.2) +28 more potentially affected by CVE-2021-28658 via django (>=3.0.0 <=3.0.11)
django PYPI version =3.0.0, =0.1.3, =0.3.0, =0.1.1, =0.0.1, =0.0.1, =0.2.1, =0.8.0, =0.7.0, =0.10.0, =0.5.0, =0.6.4 and more Source cves: CVE-2021-28658 Source advisory: OSV:PYSEC-2021-6...
MGASA-2021-0165 Updated python and python3 packages fix security vulnerability
Updated python and python3 security vulnerability: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a...
python36:3.6 security update
python36 3.6.8-2.0.1 - Rebuild with python containing fix for Orabug: 32551171 CVE-2021-3177...
bpftool, kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2021:0856 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
SUSE-SU-2021:0428-1 Security update for python36
This update for python36 fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc1176262, CVE-2019-20916) in their correct form (bsc1180686)...
SUSE-SU-2021:0355-1 Security update for python
This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc1176262, CVE-2019-20916) in their correct form (bsc1180686)...
3di-cmd-client (>=0.0.1a0 <=0.0.3), abracadabra (>=0.0.0 <=0.0.5) +738 more potentially affected by CVE-2020-28493 via jinja2 (>=2.10.0 <=2.11.2)
jinja2 PYPI version =2.10.0, =0.0.1a0, =0.0.0, =0.4.0, =0.0.1, =1.0.0a4, =0.0.3, =1.0.0, =0.1.0, =2022.9.19, =0.2.0, =0.5.1, =0.2.0, =1.0.0, =1.1.0 and more Source cves: CVE-2020-28493 Source advisory: OSV:PYSEC-2021-66...
SUSE-SU-2021:0048-1 Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues: - Update to 0.6.0 - Increase test coverage. - Add badges to README. - Test on Python 3.7 stable and 3.8-dev - Drop support for Python 3.4 - No longer pass html...
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
...
Security update for python (important)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2020:2211-1 Rating: important References: 1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for python...
MGASA-2020-0451 Updated python and python3 packages fix security vulnerabilities
It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-9674). It was discovered that the Python documentation had misleading information. A security issue could be possibly caused by wrong assumptions of this...
SUSE-SU-2020:3563-1 Security update for python36
This update for python36 fixes the following issues: Update to 3.6.12, including the following fixes: - Fixed a directory traversal in _download_http_url (bsc1176262 CVE-2019-20916) - Fixed CRLF injection via HTTP request method in httplib/http.client (bsc1177211 CVE-2020-26116) - Fixed possible infinit...
SUSE-SU-2020:3121-1 Security update for python
This update for python fixes the following issues: - CVE-2020-26116: Fixed CRLF injection via HTTP request method (bsc1177211)...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +94 more potentially affected by CVE-2020-15201 via tensorflow-cpu (>=1.15.0 <=2.2.3)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 - cemotion-apple =0.0.7 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-281...
tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-15194 via tensorflow-cpu (=2.1.0)
tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs =1.5.2, =1.7.4 Source cves: CVE-2020-15194 Source advisory: OSV:PYSEC-2020-274...
tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15147 via red-discordbot (=3.0.2)
red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils =4.0.5, =5.2.0 Source cves: CVE-2020-15147 Source advisory: OSV:PYSEC-2020-266...
SUSE-SU-2020:2276-1 Security update for python
This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc1174091)...
SUSE-SU-2020:2275-1 Security update for python
This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc1174091)...
SUSE-SU-2020:2216-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2019-20907, bsc1174091: avoiding possible infinite loop in specifically crafted tarball. - CVE-2020-14422, bsc1173274: where hash collisions in IPv4Interface and IPv6Interface could lead to DOS...
DLA-2232-1 python-httplib2 - security update
Bulletin has no description...