23 matches found

F5 Networks
added 2023/02/21 7:58 p.m., 72 views

K28622040: Python vulnerability CVE-2019-9948

Security Advisory Description urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVE-2019-9948 Impac...

9.1 CVSS, 7.7 AI score, 0.11844 EPSS
Exploits 1, Affected Software 4

OpenVAS
added 2022/08/26 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-4127-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS, 8 AI score, 0.20743 EPSS
Exploits 6, References 2

OpenVAS
added 2021/09/12 12:0 a.m., 16 views

Python 2.x < 2.7.17, 3.5.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 Protection Bypass Vulnerability (bpo-35907) - Windows

Python is prone to a protection bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; if(descripti...

9.1 CVSS, 9.6 AI score, 0.11844 EPSS
Exploits 1, References 2

Tenable Nessus
added 2021/01/29 12:0 a.m., 72 views

CentOS 8 : python3 (CESA-2019:3520)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3520 advisory. - python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) - python: CRLF injection via the query part of the url pass...

9.1 CVSS, 7.2 AI score, 0.20743 EPSS
Exploits 4, References 5

Tenable Nessus
added 2021/01/29 12:0 a.m., 40 views

CentOS 8 : python27:2.7 (CESA-2019:3335)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3335 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) - python-urllib3...

9.8 CVSS, 7.6 AI score, 0.17078 EPSS
Exploits 6, References 7

RedHat Linux
added 2020/04/07 9:36 a.m., 4 views

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

9.1 CVSS, 6.9 AI score, 0.11844 EPSS
Exploits 1, References 4

OpenVAS
added 2020/01/23 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1359)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.1 CVSS, 8.5 AI score, 0.11844 EPSS
Exploits 1, References 2

IBM Security Bulletins
added 2019/12/20 8:47 a.m., 59 views

Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948)

Summary The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. Vulnerability Details CVEID: CVE-2019-9947 DESCRIPTION: An issue was discovered in urllib2 in Python 2.x...

9.1 CVSS, 0.9 AI score, 0.11844 EPSS
Exploits 3, Affected Software 1

Amazon
added 2019/11/19 12:0 a.m., 71 views

Important: python34

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

9.8 CVSS, 8.5 AI score, 0.11844 EPSS
Exploits 3

RedHat Linux
added 2019/11/06 9:47 a.m., 3 views

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

9.1 CVSS, 6.9 AI score, 0.11844 EPSS
Exploits 1, References 4

Tenable Nessus
added 2019/11/06 12:0 a.m., 46 views

RHEL 8 : python3 (RHSA-2019:3520)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3520 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1 CVSS, 7.3 AI score, 0.20743 EPSS
Exploits 4, References 23

RedHat Linux
added 2019/11/05 8:59 p.m., 7 views

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

9.1 CVSS, 6.9 AI score, 0.11844 EPSS
Exploits 1, References 4

Rockylinux
added 2019/11/05 5:32 p.m., 37 views

python27:2.7 security and bug fix update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe,...

9.8 CVSS, 1.6 AI score, 0.17078 EPSS
Exploits 6

Cloud Foundry
added 2019/09/30 12:0 a.m., 73 views

USN-4127-1: Python vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only...

9.8 CVSS, 8.5 AI score, 0.20743 EPSS
Exploits 6

Tenable Nessus
added 2019/08/27 12:0 a.m., 40 views

Scientific Linux Security Update : python on SL7.x x86_64 (20190806)

Security Fixes : - python: Missing salt initialization in elementtree.c module (CVE-2018-14647) - python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection...

9.1 CVSS, 6.5 AI score, 0.20743 EPSS
Exploits 4, References 6

RedHat Linux
added 2019/08/06 12:52 p.m., 4 views

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

9.1 CVSS, 6.9 AI score, 0.11844 EPSS
Exploits 1, References 4

RedHat Linux
added 2019/08/06 12:52 p.m., 181 views

Moderate: Red Hat Security Advisory: python security and bug fix update

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.1 CVSS, 6.7 AI score, 0.20743 EPSS
Exploits 4, References 9

Tenable Nessus
added 2019/07/15 12:0 a.m., 31 views

Debian DLA-1852-1 : python3.4 security update

The urllib library in Python ships support for a second, not well known URL scheme for accessing local files ('local_file://'). This scheme can be used to circumvent protections that try to block local file access and only block the well-known 'file://' schema. This update addresses the vulnerabilit...

9.1 CVSS, 6.7 AI score, 0.11844 EPSS
Exploits 1, References 4

RedHat Linux
added 2019/07/08 2:35 p.m., 172 views

Important: Red Hat Security Advisory: python27-python security update

An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS, 6.8 AI score, 0.11844 EPSS
Exploits 1, References 5

OSV
added 2019/03/23 6:29 p.m., 3 views

ALPINE-CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

9.1 CVSS, 6.9 AI score, 0.11844 EPSS
Exploits 1, References 1