USN-4581-1 python2.7, python3.4, python3.5, python3.6 vulnerability

It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows for authentication bypass. The exploit uses the Impacket library to test the vulnerability and attempts to perform a Netlogon authentication bypass. The script will immediately terminate when successfully...

OPENSUSE-SU-2020:1265-1 Security update for python3

This update for python3 fixes the following issues: - bsc1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. This update was imported from the SUSE:SLE-15:Update update project...

OPENSUSE-SU-2020:1258-1 Security update for python3

This update for python3 fixes the following issues: - bsc1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. This update was imported from the SUSE:SLE-15:Update update project...

SUSE-SU-2020:1822-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service bsc1173274...

SUSE-SU-2020:0497-1 Security update for python3

This update for python3 fixes the following issues: Update to 3.4.10 jscSLE-9427, bsc1159208 from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an...

SUSE-SU-2020:0467-1 Security update for python3

This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP bsc1162367. Non-security issue...

ALPINE-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

UBUNTU-CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

SUSE-SU-2019:0971-1 Security update for python3

This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization bsc1129346...

OPENSUSE-SU-2019:0329-1 Security update for obs-service-tar_scm

This update for obs-service-tarscm fixes the following issues: Security vulnerabilities addressed: - CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths bsc1105361 - CVE-2018-12474: Fixed an issue whereby crafted service...

UBUNTU-CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

USN-3496-3 python3.4, python3.5 vulnerability

USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

PT-2013-3541 · Python +1 · Python-Backports-Ssl Match Hostname +2

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.4 python-backports-ssl match hostname affected versions not specified Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by exploiting the ssl.match hostname...

(CGIHTTPServer): CGI script source code disclosure

The iscgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / slash character at the beginning of the URI...

Python: Memory corruption in audioop module

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service memory corruption and application crash via crafted arguments, as demonstrated by a call to...