121 matches found
PT-2022-6750
Name of the Vulnerable Software and Affected Versions Python versions prior to 3.11.1 Python versions prior to 3.10.9 Python versions prior to 3.9.16 Python versions prior to 3.8.16 Python versions prior to 3.7.16 Description An issue exists in the IDNA RFC 3490 decoder, where an unnecessary...
PT-2022-23156
Name of the Vulnerable Software and Affected Versions Poetry versions prior to 1.1.9 Poetry versions prior to 1.2.0b1 Description Poetry is a dependency manager for Python that uses various commands, such as git clone, when handling dependencies from a Git repository. The commands are constructed...
OESA-2022-1879 python3 security update
Python combines remarkable power with very clear syntax. It has modules,classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C+...
PT-2022-4709
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description A flaw was found in Python related to errors in converting data types between int and str. This issue is associated with algorithms that have quadratic time complexity and use non-binary bases...
PT-2022-9905
Name of the Vulnerable Software and Affected Versions Python versions 3.x through 3.10 Description The issue is related to an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path, which may lead to information disclosure. It is...
OESA-2022-1653 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2021-1284 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. Security Fixes: A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a...
OESA-2021-1190 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
PT-2022-2220
Name of the Vulnerable Software and Affected Versions Python versions prior to 3.10.0b1 Python versions prior to 3.9.5 Python versions prior to 3.8.11 Python versions prior to 3.7.11 Python versions prior to 3.6.14 Description The issue involves the urllib.parse module in Python, which does not...
PT-2021-6846
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The issue is related to the FTP client library in Python, specifically in PASV passive mode, where the library trusts the host from the PASV response by default. This allows an attacker to set...
OESA-2021-1067 python-bottle security update
Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a...
PT-2021-3621
Name of the Vulnerable Software and Affected Versions python/cpython versions 0 through 3.6.13 python/cpython versions 3.7.0 through 3.7.10 python/cpython versions 3.8.0 through 3.8.8 python/cpython versions 3.9.0 through 3.9.2 Description The issue is related to Web Cache Poisoning via...
PT-2021-2441
Name of the Vulnerable Software and Affected Versions: Python versions 3.x through 3.9.1 Description: The issue is related to a buffer overflow in the PyCArg repr function in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbe...
PT-2020-6224
Name of the Vulnerable Software and Affected Versions python-lxml affected versions not specified Description A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user...
SUSE-SU-2020:2911-1 Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client
This update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano,...
Safety - Check Your Installed Dependencies For Known Security Vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but can be upgraded to use pyup.io's Safety API using the --key option. Installation Install safety with pip. Keep in mind that we support only Python...
PT-2021-6018
Name of the Vulnerable Software and Affected Versions urllib3 versions prior to 1.26.5 Description The issue is related to an HTTP client vulnerability in Python urllib3, which is associated with uncontrolled resource consumption. Exploitation of the vulnerability may allow a remote attacker to...
PT-2021-3478
Name of the Vulnerable Software and Affected Versions PyYAML versions prior to 5.4 Description A flaw in the PyYAML library allows for arbitrary code execution when processing untrusted YAML files through the full load method or with the FullLoader loader. This issue enables an attacker to execut...
Malicious package may avoid detection in python auditing
Python Auditing Vulnerability Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety. Tools that are designed to find vulnerable packages can not ever run in the same python environment that they are trying to protect. Usage Install safety,...
There are unspecified vulnerabilities in Safety
Safety is a Python based package for checking the safety of programs. A security vulnerability exists in Safety 1.8.6 and earlier versions that can be exploited by an attacker to bypass security checks with the help of a specially crafted package...