23 matches found
K28622040: Python vulnerability CVE-2019-9948
Security Advisory Description urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call. CVE-2019-9948 Impac...
Ubuntu: Security Advisory (USN-4127-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Python 2.x < 2.7.17, 3.5.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 Protection Bypass Vulnerability (bpo-35907) - Windows
Python is prone to a protection bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescripti...
CentOS 8 : python3 (CESA-2019:3520)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3520 advisory. - python: NULL pointer dereference using a specially crafted X509 certificate CVE-2019-5010 - python: CRLF injection via the query part of the url pass...
CentOS 8 : python27:2.7 (CESA-2019:3335)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3335 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1359)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948)
Summary The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. Vulnerability Details CVEID: CVE-2019-9947 DESCRIPTION: An issue was discovered in urllib2 in Python 2.x...
Important: python34
Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
RHEL 8 : python3 (RHSA-2019:3520)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3520 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
python27:2.7 security and bug fix update
An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe,...
USN-4127-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only...
Scientific Linux Security Update : python on SL7.x x86_64 (20190806)
Security Fixes : - python: Missing salt initialization in elementtree.c module CVE-2018-14647 - python: NULL pointer dereference using a specially crafted X509 certificate CVE-2019-5010 - python: CRLF injection via the query part of the url passed to urlopen CVE-2019-9740 - python: CRLF injection...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
Moderate: Red Hat Security Advisory: python security and bug fix update
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Debian DLA-1852-1 : python3.4 security update
The urllib library in Python ships support for a second, not well known URL scheme for accessing local files 'localfile://'. This scheme can be used to circumvent protections that try to block local file access and only block the well-known 'file://' schema. This update addresses the vulnerabilit...
Important: Red Hat Security Advisory: python27-python security update
An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALPINE-CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...