859 matches found

Positive Technologies
added 2024/04/08 12:0 a.m. · 4 views

PT-2024-23572 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An issue was discovered that allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. Recommendations: For ROS2 Galactic Geochelone versio...

7.2 AI score
Exploits 0 · References 3

Positive Technologies
added 2024/04/08 12:0 a.m. · 3 views

PT-2024-23566 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An insecure logging vulnerability has been identified, allowing attackers to access sensitive information via inadequate security measures within the logging...

7 AI score
Exploits 0 · References 3

Positive Technologies
added 2024/04/07 12:0 a.m. · 4 views

PT-2024-23547 · Ros · Ros

Name of the Vulnerable Software and Affected Versions: ROS Robot Operating System Melodic Morenia versions ROS VERSION 1 and ROS PYTHON VERSION 3 Description: The issue allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. It is described as a Shell...

7.9 AI score
Exploits 0 · References 4

OSV
added 2024/03/28 5:56 p.m. · 3 views

CLSA-2024-1711648611 python3.9: Fix of CVE-2023-27043

CVE-2023-27043: reject malformed addresses in email.parseaddr...

5.3 CVSS · 6.8 AI score · 0.02507 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/03/25 12:0 a.m. · 5 views

PT-2024-22900 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill versions where ROS VERSION is 2 and ROS PYTHON VERSION is 3 Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized access to multiple ROS2 nodes remotely...

7.2 AI score
Exploits 0 · References 5

OSV
added 2024/03/14 5:31 p.m. · 3 views

CLSA-2024-1710437461 python3: Fix of CVE-2022-48564

CVE-2022-48564: Improve validation of Plist files that prevent DoS...

6.5 CVSS · 6.9 AI score · 0.01447 EPSS
Exploits 1 · References 1

OSV
added 2024/03/12 3:18 p.m. · 9 views

SUSE-SU-2024:0850-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666)...

7.8 CVSS · 7.8 AI score · 0.0031 EPSS
Exploits 0 · References 3

OSV
added 2023/11/27 6:11 p.m. · 7 views

USN-6513-2 python3.8, python3.10, python3.11 vulnerability

USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into...

5.3 CVSS · 6.8 AI score · 0.0079 EPSS
Exploits 0 · References 2

RedHat Linux
added 2023/11/07 8:21 a.m. · 3 views

python: file path truncation at \0 characters

Python 3.11 os.path.normpath function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path...

7.5 CVSS · 7.2 AI score · 0.02187 EPSS
Exploits 0 · References 5

OSV
added 2023/10/19 6:48 p.m. · 2 views

CLSA-2023-1697741309 python3: Fix of CVE-2022-48560

CVE-2022-48560: fix possible crash in heapq with custom comparison operators...

7.5 CVSS · 6.9 AI score · 0.0177 EPSS
Exploits 1 · References 1

OSV
added 2023/10/19 6:19 p.m. · 2 views

CLSA-2023-1697739575 python3: Fix of 4 CVEs

CVE-2021-3737: Fix http client infinite line reading DoS after a HTTP 100 Continue - CVE-2021-28861: Fix an open redirection vulnerability in http.server - CVE-2022-0391: Make urllib.parse sanitize urls containing ASCII newline and tabs - CVE-2022-45061: Fix quadratic time idna decoding...

7.5 CVSS · 7.1 AI score · 0.11586 EPSS
Exploits 3 · References 1

OSV
added 2023/09/27 12:49 p.m. · 7 views

USN-6400-1 python2.7, python3.5 vulnerability

It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...

5.9 CVSS · 6.7 AI score · 0.01148 EPSS
Exploits 1 · References 2

OSV
added 2023/09/27 12:36 p.m. · 6 views

SUSE-SU-2023:3804-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692)...

5.3 CVSS · 5.8 AI score · 0.0079 EPSS
Exploits 0 · References 3

Amazon
added 2023/09/25 12:0 a.m. · 3 views

Medium: python38

Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16,...

7.5 CVSS · 6.7 AI score · 0.03213 EPSS
Exploits 1

OSV
added 2023/09/07 4:0 p.m. · 8 views

USN-6354-1 python2.7, python3.5 vulnerability

It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure...

9.8 CVSS · 6.9 AI score · 0.04268 EPSS
Exploits 3 · References 2

Amazon
added 2023/09/07 12:0 a.m. · 3 views

Important: python3.9

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

5.3 CVSS · 7.9 AI score · 0.0079 EPSS
Exploits 0

OSV
added 2023/08/25 9:15 p.m. · 1 view

UBUNTU-CVE-2023-40587

Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...

5.3 CVSS · 6 AI score · 0.00632 EPSS
Exploits 0 · References 7

OSV
added 2023/07/20 8:39 p.m. · 8 views

CLSA-2023-1689885583 python3: Fix of CVE-2023-24329

CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit...

7.5 CVSS · 7 AI score · 0.20459 EPSS
Exploits 3 · References 1

SUSE CVE
added 2023/06/09 2:32 a.m. · 1 view

SUSE CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c...

5.5 CVSS · 7.4 AI score · 0.0037 EPSS
Exploits 0 · References 3

OSV
added 2023/04/27 2:7 p.m. · 4 views

SUSE-SU-2023:0868-2 Security update for python3

This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to...

7.5 CVSS · 7.7 AI score · 0.20459 EPSS
Exploits 3 · References 4