python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

Astra Linux - уязвимость в python3.11, python3.7

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

Astra Linux - уязвимость в python3.7, python2.7

A flaw was discovered in Python. Improper handling of HTTP responses in the Python HTTP client code may allow a remote attacker, who controls the HTTP server, to cause the client script to enter an infinite loop, consuming CPU resources. The greatest threat of this vulnerability is to system...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVE-2026-5713

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

CVE-2026-1502

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

EUVD-2020-3159

Malware in sbrugna...

EUVD-2021-27013

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-3737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to...

Linux Distros Unpatched Vulnerability : CVE-2022-0391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue...

Linux Distros Unpatched Vulnerability : CVE-2020-10735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int...

Security Bulletin: Vulnerability in python3 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". Due to this issue, it is possible that values will not be returned in accordance with the latest information...

BIT-PYTHON-MIN-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

BIT-PYTHON-MIN-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

python: Unbounded memory buffering in SelectorSocketTransport.writelines()

A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2023:2764)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2764 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

openstack-nova: novnc allows open redirection

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...