CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2024/10/23 1:29 p.m.•2 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS

Exploits2References7

RedHat Linux•added 2024/10/23 1:29 p.m.•26 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS6.8AI score0.02203EPSS

RedHat Linux•added 2024/10/23 10:28 a.m.•2 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

7.5CVSS7.2AI score0.02203EPSS

Exploits2References7

OSV•added 2024/10/23 12:0 a.m.•15 views

ALSA-2024:8374 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS8AI score0.02203EPSS

OSV•added 2024/10/23 12:0 a.m.•9 views

ALSA-2024:8359 Moderate: python39:3.9 and python39-devel:3.9 security update

7.5CVSS8AI score0.02203EPSS

AlmaLinux•added 2024/10/23 12:0 a.m.•15 views

Moderate: python3.11 security update

7.5CVSS7.7AI score0.02203EPSS

AlmaLinux•added 2024/10/23 12:0 a.m.•16 views

Moderate: python39:3.9 and python39-devel:3.9 security update

7.5CVSS7.7AI score0.02203EPSS

Tenable Nessus•added 2024/10/23 12:0 a.m.•18 views

RHEL 9 : python3.11 (RHSA-2024:8374)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8374 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

7.5CVSS7AI score0.02203EPSS

Exploits2References5

RedHat Linux•added 2024/10/15 10:43 a.m.•15 views

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.8AI score0.02203EPSS

Ubuntu•added 2024/10/14 12:54 p.m.•23 views

USN-7015-4: Python vulnerability

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special...

5.3CVSS6.8AI score0.02507EPSS

Exploits1

OSV•added 2024/10/14 12:54 p.m.•2 views

USN-7015-4 python2.7, python3.5 vulnerability

5.3CVSS6.8AI score0.02507EPSS

Exploits1References2

OSV•added 2024/10/10 5:24 p.m.•2 views

CLSA-2024-1728581056 python3: Fix of 2 CVEs

CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing '-quoted' cookie values with backslashes...

7.5CVSS5.7AI score0.02303EPSS

CloudLinux•added 2024/10/04 7:53 p.m.•21 views

python: Fix of 2 CVEs

CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value - CVE-2024-6232: fix regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing and was vulnerable to ReDoS via specifically-crafted tar...

7.5CVSS7.1AI score0.02303EPSS

Exploits3

OSV•added 2024/10/04 7:48 p.m.•3 views

CLSA-2024-1728071284 python: Fix of 2 CVEs

7.5CVSS6.7AI score0.02303EPSS

RedHat Linux•added 2024/10/03 6:29 p.m.•3 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

7.5CVSS7.2AI score0.02203EPSS

Exploits2References7

RedHat Linux•added 2024/10/03 6:29 p.m.•16 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS6.8AI score0.02203EPSS

OSV•added 2024/10/03 6:22 p.m.•4 views

CLSA-2024-1727979765 python3.9: Fix of 2 CVEs

CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

7.5CVSS6.7AI score0.02303EPSS

OSV•added 2024/10/02 6:54 p.m.•2 views

CLSA-2024-1727895277 Fix CVE(s): CVE-2024-6232, CVE-2024-7592

SECURITY UPDATE: Excessive CPU resources usage while parsing cookies with backslashes in value - debian/patches/CVE-2024-7592.patch: Fix quadratic complexity in parsing cookie values with backslashes - CVE-2024-7592 SECURITY UPDATE: Regular expressions that allowed excessive backtracking during...

7.5CVSS6.8AI score0.02303EPSS

OSV•added 2024/10/02 6:52 p.m.•2 views

CLSA-2024-1727895166 Fix CVE(s): CVE-2024-6232, CVE-2024-7592

SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile - debian/patches/CVE-2024-6232.patch: fix regexp handling in tarfile - CVE-2024-6232 SECURITY UPDATE: Algorithm with quadratic complexity using excess CPU resources while parsing the cookie value -...

7.5CVSS6.7AI score0.02303EPSS