Lucene search
K

121 matches found

Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.8 views

PT-2022-6750

Name of the Vulnerable Software and Affected Versions Python versions prior to 3.11.1 Python versions prior to 3.10.9 Python versions prior to 3.9.16 Python versions prior to 3.8.16 Python versions prior to 3.7.16 Description An issue exists in the IDNA RFC 3490 decoder, where an unnecessary...

9.8CVSS7.7AI score0.73461EPSS
Exploits50References260
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.1 views

PT-2022-23156

Name of the Vulnerable Software and Affected Versions Poetry versions prior to 1.1.9 Poetry versions prior to 1.2.0b1 Description Poetry is a dependency manager for Python that uses various commands, such as git clone, when handling dependencies from a Git repository. The commands are constructed...

7.3CVSS7.2AI score0.01413EPSS
Exploits1References19
OSV
OSV
added 2022/09/02 11:4 a.m.3 views

OESA-2022-1879 python3 security update

Python combines remarkable power with very clear syntax. It has modules,classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C+...

7.4CVSS6.5AI score0.0199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.4 views

PT-2022-4709

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description A flaw was found in Python related to errors in converting data types between int and str. This issue is associated with algorithms that have quadratic time complexity and use non-binary bases...

9.8CVSS8.4AI score0.78483EPSS
Exploits57References630
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.6 views

PT-2022-9905

Name of the Vulnerable Software and Affected Versions Python versions 3.x through 3.10 Description The issue is related to an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path, which may lead to information disclosure. It is...

9.8CVSS8.2AI score0.52063EPSS
Exploits28References306
OSV
OSV
added 2022/05/18 11:3 a.m.2 views

OESA-2022-1653 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8CVSS6.9AI score0.07269EPSS
Exploits1References2
OSV
OSV
added 2021/07/31 11:3 a.m.2 views

OESA-2021-1284 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. Security Fixes: A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a...

5.7CVSS7AI score0.01687EPSS
Exploits2References2
OSV
OSV
added 2021/05/15 11:2 a.m.4 views

OESA-2021-1190 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

5.3CVSS7.1AI score0.03546EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/04/18 12:0 a.m.7 views

PT-2022-2220

Name of the Vulnerable Software and Affected Versions Python versions prior to 3.10.0b1 Python versions prior to 3.9.5 Python versions prior to 3.8.11 Python versions prior to 3.7.11 Python versions prior to 3.6.14 Description The issue involves the urllib.parse module in Python, which does not...

10CVSS8.7AI score0.9947EPSS
Exploits157References425
Positive Technologies
Positive Technologies
added 2021/04/05 12:0 a.m.4 views

PT-2021-6846

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The issue is related to the FTP client library in Python, specifically in PASV passive mode, where the library trusts the host from the PASV response by default. This allows an attacker to set...

6.4CVSS6.9AI score0.02602EPSS
Exploits0References172
OSV
OSV
added 2021/03/05 11:2 a.m.4 views

OESA-2021-1067 python-bottle security update

Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a...

6.8CVSS6.9AI score0.01837EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/02/13 12:0 a.m.16 views

PT-2021-3621

Name of the Vulnerable Software and Affected Versions python/cpython versions 0 through 3.6.13 python/cpython versions 3.7.0 through 3.7.10 python/cpython versions 3.8.0 through 3.8.8 python/cpython versions 3.9.0 through 3.9.2 Description The issue is related to Web Cache Poisoning via...

5.9CVSS6.8AI score0.35963EPSS
Exploits1References351
Positive Technologies
Positive Technologies
added 2021/01/19 12:0 a.m.8 views

PT-2021-2441

Name of the Vulnerable Software and Affected Versions: Python versions 3.x through 3.9.1 Description: The issue is related to a buffer overflow in the PyCArg repr function in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbe...

10CVSS9.8AI score0.9947EPSS
Exploits198References558
Positive Technologies
Positive Technologies
added 2020/10/18 12:0 a.m.8 views

PT-2020-6224

Name of the Vulnerable Software and Affected Versions python-lxml affected versions not specified Description A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user...

9.8CVSS7.4AI score0.73274EPSS
Exploits17References174
OSV
OSV
added 2020/10/13 2:46 p.m.14 views

SUSE-SU-2020:2911-1 Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client

This update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano,...

9.3CVSS8.8AI score0.99856EPSS
Exploits12References27
Kitploit
Kitploit
added 2020/09/10 11:30 a.m.39 views

Safety - Check Your Installed Dependencies For Known Security Vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but can be upgraded to use pyup.io's Safety API using the --key option. Installation Install safety with pip. Keep in mind that we support only Python...

6.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/06/11 12:0 a.m.6 views

PT-2021-6018

Name of the Vulnerable Software and Affected Versions urllib3 versions prior to 1.26.5 Description The issue is related to an HTTP client vulnerability in Python urllib3, which is associated with uncontrolled resource consumption. Exploitation of the vulnerability may allow a remote attacker to...

8.7CVSS7.1AI score0.03273EPSS
Exploits0References120
Positive Technologies
Positive Technologies
added 2020/05/27 12:0 a.m.6 views

PT-2021-3478

Name of the Vulnerable Software and Affected Versions PyYAML versions prior to 5.4 Description A flaw in the PyYAML library allows for arbitrary code execution when processing untrusted YAML files through the full load method or with the FullLoader loader. This issue enables an attacker to execut...

10CVSS8.8AI score0.06031EPSS
Exploits2References101
Github Security Blog
Github Security Blog
added 2020/03/24 3:7 p.m.78 views

Malicious package may avoid detection in python auditing

Python Auditing Vulnerability Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety. Tools that are designed to find vulnerable packages can not ever run in the same python environment that they are trying to protect. Usage Install safety,...

5CVSS1.5AI score0.00366EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2020/03/24 12:0 a.m.3 views

There are unspecified vulnerabilities in Safety

Safety is a Python based package for checking the safety of programs. A security vulnerability exists in Safety 1.8.6 and earlier versions that can be exploited by an attacker to bypass security checks with the help of a specially crafted package...

5CVSS7.1AI score0.00366EPSS
Exploits0References1
Rows per page
Query Builder