121 matches found
Moderate: Red Hat Security Advisory: rh-python38-python security update
An update for rh-python38-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Number Withdrawn
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. This CVE number has been withdrawn...
Amazon Linux 2022 : python3-lxml (ALAS2022-2022-074)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-074 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's...
An Easier Way to Keep Old Python Code Healthy and Secure
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python mu...
UltraJSON Security Vulnerability
UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A security vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an inability to properly decode certain characters, allowing for potential key obfuscation and...
Moderate: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update
An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Github spirit Input Validation Error Vulnerability
Github spirit is a Python-based forum built using the Django framework. Github spirit is vulnerable to an input validation error, which stems from sending a request that results in an insecure redirect. No detailed vulnerability details are available at this time...
Django Cross-Site Scripting Vulnerability (CNVD-2022-08043)
Django is an open source Web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, a view system, a template system and so on. Django has a cross-site scripting vulnerability in version 3.7.3 that stems from not validating th...
python-pygments: ReDoS in multiple lexers
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...
DEBIAN-CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
Linkedin Oncall Cross-Site Scripting Vulnerability
Linkedin Oncall is a Python-based platform from the US company Linkedin for managing calendar planning. A security vulnerability exists in Linkedin Oncall versions 1.4.0 and earlier, which stems from the mishandling of the "No results found"...
python jsonpickle 2.0.0 - Remote Code Execution
Exploit Title: python jsonpickle 2.0.0 - Remote Code Execution Date: 24-2-2021 Vendor Homepage: https://jsonpickle.github.io Exploit Author: Adi Malyanker, Shay Reuven Software Link: https://github.com/jsonpickle/jsonpickle Version: 2.0.0 Tested on: windows, linux Python is an open source languag...
penetration
This repository contains a collection of 0-day exploits for various web applications, including CMS platforms. The exploits are categorized by the affected application, and each category contains multiple exploits. The exploits are written in various programming languages, including PHP, Python,...
Librepo Directory Traversal Vulnerability
Librepo is a library that provides C and Python APIs for downloading packages in rpm-md format and linux repository metadata. A directory traversal vulnerability exists in the Librepo product. The vulnerability stems from a failure of a networked system or product to properly filter special...
Debian DLA-2280-1 : python3.5 security update
Multiple security issues were discovered in Python, an interactive high-level object-oriented language. CVE-2018-20406 Modules/pickle.c has an integer overflow via a large LONGBINPUT value that is mishandled during a 'resize to twice the size' attempt. This issue might cause memory exhaustion, bu...
[SECURITY] Fedora 30 Update: python3-3.7.6-1.fc30
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
[SECURITY] Fedora 30 Update: python3-3.7.5-1.fc30
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
[SECURITY] Fedora 29 Update: python3-3.7.5-1.fc29
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
PT-2019-5897 · Python +4
Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The issue is related to a CRLF injection vulnerability in the urllib2 module of the Python programming language. This could allow a remote attacker to impact data integrity. Recommendations:...
Fedora Update for python3 FEDORA-2019-ec26883852
The remote host is missing an update for the...