UBUNTU-CVE-2024-0450
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
UBUNTU-CVE-2023-6597
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...
Python Security Vulnerabilities
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and earlier versions, which...
python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
AZL-59696 CVE-2023-43804 affecting package python3 for versions less than 3.9.19-13
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...
DEBIAN-CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...
ALPINE-CVE-2023-40217
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...
AZL-31170 CVE-2023-40217 affecting package python3 for versions less than 3.9.19-1
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...
Python code issue vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python versions 3.11 through 3.11.4, which stems from the presence of unexpecte...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. In addition to the vulnerabilities in OpenSSL, for which the NCSC has previously published security advisories, a vulnerability has also been fixed in the urllib.parse component. Because proper input validation does not take place, it is possible...
PT-2023-9652 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions 3.11 through 3.11.4 Description: The issue is related to the os.path.normpath function, which truncates a path unexpectedly at the first '\0' (null) byte if such bytes are present in the path. This could lead to security issues, as...
Python security vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.11.4 and earlier, which stems from a recursive exception in th...
aigc-evals (>=0.0.2 <=0.0.3), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +103 more potentially affected by CVE-2023-34233 via snowflake-connector-python (>=1.7.11 <=3.0.0)
snowflake-connector-python PYPI version =1.7.11, =0.0.2, =2.4.0, =0.0.4, =0.1.0, =1.13.21, =20230717.1.0, =0.5.83, =0.1.0, =0.4.0, =0.5.1, =1.0.5, =1.0.6 - dataligo =0.6.1 and more Source cves: CVE-2023-34233 Source advisory: OSV:PYSEC-2023-88...
USN-6139-1 python2.7, python3.10, python3.11, python3.5, python3.6, python3.8 vulnerability
Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blocklisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue. CVE-2023-24329...
Python input validation error vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An input validation error vulnerability exists in Python versions prior to 2.7.18, and versions 3.x through 3.11,...
OESA-2023-1176 future security update
This package provides a compatibility layer between the two major Python release lines. The future and past packages both provide backports and forward-ports, so that a single, clean codebase can run under Python 3 environments easily. It also provides futurize...
PT-2023-4571 · Python +11
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.11.4 Description: A critical issue in the urllib.parse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters, enabling domain filter bypass, file...
SUSE CVE-2008-2316
Integer overflow in hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."...
SUSE CVE-2010-3493
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None...
SUSE CVE-2012-1150
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...