PSF-2026-24

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

Rocky Linux 8 : python27:2.7 (RLSA-2022:1821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1821 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...

CVE-2021-4189

A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...

EulerOS 2.0 SP3 : python (EulerOS-SA-2022-1757)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into...

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1650)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into...