
438 matches found

OSV
added 2023/10/02 6:25 a.m. | 3 views

SUSE-SU-2023:3933-1 Security update for python

This update for python fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692...

CVSS 5.3 | AI score 5.8 | EPSS 0.0079
Exploits: 0 | References: 3
OSV
added 2023/09/15 11:5 a.m. | 3 views

OESA-2023-1639 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 5.9 | AI score 6.8 | EPSS 0.01148
Exploits: 1 | References: 2
OSV
added 2023/09/09 11:5 a.m. | 2 views

OESA-2023-1598 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 9.8 | AI score 7 | EPSS 0.04268
Exploits: 3 | References: 2
vulnersOsv
added 2023/09/04 6:15 p.m. | 5 views

2vyper (=0.3.0), ape-vyper (>=0.7.1 <=0.8.3) +23 more potentially affected by CVE-2023-40015 via vyper (>=0.1.0b12 <=0.3.10)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =0.1.10 and more Source cves: CVE-2023-40015 Source advisory: OSV:PYSEC-2023-167...

CVSS 5.3 | AI score 6 | EPSS 0.00418
Exploits: 1
CNNVD
added 2023/08/25 12:0 a.m. | 2 views

Python security vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python has a security vulnerability that stems from the fact that the use of a socket can cause information leakag...

CVSS 5.3 | AI score 6.9 | EPSS 0.0079
Exploits: 0 | References: 19
UbuntuCve
added 2023/08/25 12:0 a.m. | 35 views

CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3 | AI score 6.8 | EPSS 0.0079
Exploits: 0 | References: 14
OSV
added 2023/06/26 1:8 p.m. | 3 views

SUSE-SU-2023:2639-1 Security update for python

This update for python fixes the following issues: - CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters bsc1208471...

CVSS 7.5 | AI score 7.8 | EPSS 0.20459
Exploits: 3 | References: 3
RedHat Linux
added 2023/06/22 1:1 p.m. | 150 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.20459
Exploits: 3 | References: 5
vulnersOsv
added 2023/05/26 2:15 p.m. | 3 views

matrix-synapse-testutils (>=1.65.0.0 <=1.67.0.0) potentially affected by CVE-2022-39374 via matrix-synapse (>=1.65.0 <=1.67.0)

matrix-synapse PYPI version =1.65.0, =1.65.0.0, =1.67.0.0 Source cves: CVE-2022-39374 Source advisory: OSV:PYSEC-2023-66...

CVSS 6.5 | AI score 6.5 | EPSS 0.00941
Exploits: 0
vulnersOsv
added 2023/05/19 8:15 p.m. | 3 views

2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-32675 via vyper (>=0.1.0b12 <=0.3.7)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-32675 Source advisory: OSV:PYSEC-2023-80...

CVSS 5.3 | AI score 6 | EPSS 0.00553
Exploits: 1
Amazon
added 2023/04/05 12:0 a.m. | 68 views

Important: python27

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

CVSS 7.5 | AI score 8.2 | EPSS 0.20459
Exploits: 4
OSV
added 2023/03/14 2:37 p.m. | 10 views

SUSE-SU-2023:0724-1 Security update for python

This update for python fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names bsc1205244. The following...

CVSS 7.5 | AI score 7.8 | EPSS 0.20459
Exploits: 4 | References: 6
vulnersOsv
added 2023/03/10 2:15 a.m. | 3 views

muni2wasm (>=0.1.0.post0 <=0.1.3.post2) potentially affected by CVE-2023-27117 via wabt (=0.1.2)

wabt PYPI version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on wabt and may be impacted: - muni2wasm =0.1.0.post0, =0.1.3.post2 Source cves: CVE-2023-27117 Source advisory: OSV:PYSEC-2023-317...

CVSS 7.8 | AI score 7.2 | EPSS 0.00318
Exploits: 1
OpenVAS
added 2023/02/20 12:0 a.m. | 19 views

Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Mac OS X

Python is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 7.5 | AI score 8.4 | EPSS 0.20459
Exploits: 3 | References: 5
vulnersOsv
added 2023/02/15 1:15 a.m. | 1 views

admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.12) +109 more potentially affected by CVE-2023-24580 via django (>=3.2.0 <=3.2.17)

django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 - botbuilder-applicationinsights =4.14.3 and more Source cves: CVE-2023-24580 Source advisory: OSV:PYSEC-2023-13...

CVSS 7.5 | AI score 6.7 | EPSS 0.62575
Exploits: 0
vulnersOsv
added 2023/02/15 1:15 a.m. | 4 views

ae-django-utils (=0.3.1), apollo-sdk (>=0.2.0 <=0.2.11) +37 more potentially affected by CVE-2023-24580 via django (>=4.0.0 <=4.0.1)

django PYPI version =4.0.0, =0.2.0, =0.6.1, =22.0.0.dev12, =2.16.1, =0.1.5, =1.0.7, =0.9.0, =0.4.0, =0.4.2 and more Source cves: CVE-2023-24580 Source advisory: OSV:PYSEC-2023-13...

CVSS 7.5 | AI score 6.7 | EPSS 0.62575
Exploits: 0
OSV
added 2023/01/30 4:27 p.m. | 9 views

SUSE-SU-2023:0213-1 Security update for python

This update for python fixes the following issues: - CVE-2022-45061: Fixed an excessive CPU usage when decoding crafted IDNA domain names bsc1205244. Non-security fixes: - Fixed the 2038 bug in the compileall module bsc1202666...

CVSS 7.5 | AI score 7.6 | EPSS 0.02453
Exploits: 1 | References: 4
OSV
added 2023/01/26 5:23 p.m. | 6 views

SUSE-SU-2023:0161-1 Security update for python-py

This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data bsc1204364...

CVSS 7.5 | AI score 7.5 | EPSS 0.01546
Exploits: 1 | References: 3
vulnersOsv
added 2022/12/06 5:15 a.m. | 1 views

aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)

gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:PYSEC-2022-42992...

CVSS 9.8 | AI score 7.7 | EPSS 0.05378
Exploits: 1
OSV
added 2022/11/10 10:55 a.m. | 8 views

SUSE-SU-2022:3932-1 Security update for python-rsa

This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption bsc1178676...

CVSS 7.5 | AI score 7.6 | EPSS 0.01631
Exploits: 1 | References: 3