109 matches found

OSV
added 2023/10/09 7:38 p.m. | 2 views

CLSA-2023-1696880318 python2: Fix of CVE-2022-48565

CVE-2022-48565: Reject XML entity declarations in plist files...

CVSS 9.8 | AI score 6.9 | EPSS 0.07274
Exploits 3 | References 1

OSV
added 2023/09/27 12:49 p.m. | 0 views

USN-6400-1 python2.7, python3.5 vulnerability

It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...

CVSS 5.9 | AI score 6.7 | EPSS 0.0009
Exploits 1 | References 2

OSV
added 2023/09/07 4:0 p.m. | 0 views

USN-6354-1 python2.7, python3.5 vulnerability

It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure...

CVSS 9.8 | AI score 6.9 | EPSS 0.07274
Exploits 3 | References 2

OSV
added 2023/07/20 8:36 p.m. | 3 views

CLSA-2023-1689885378 python2: Fix of CVE-2023-24329

CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...

CVSS 7.5 | AI score 7 | EPSS 0.01445
Exploits 3 | References 1

OSV
added 2023/03/16 2:21 p.m. | 1 views

USN-5960-1 python2.7, python3.10, python3.5, python3.6, python3.8 vulnerability

Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters...

CVSS 7.5 | AI score 7 | EPSS 0.01445
Exploits 3 | References 2

OSV
added 2023/03/06 9:0 p.m. | 1 views

CLSA-2023-1678136443 python2: Fix of CVE-2023-24329

CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...

CVSS 7.5 | AI score 7 | EPSS 0.01445
Exploits 3 | References 1

OSV
added 2023/03/06 8:53 p.m. | 1 views

CLSA-2023-1678135993 python2: Fix of CVE-2023-24329

CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...

CVSS 7.5 | AI score 7 | EPSS 0.01445
Exploits 3 | References 1

SUSE CVE
added 2023/02/15 6:7 a.m. | 2 views

SUSE CVE-2008-4108

Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directo...

CVSS 7.2 | AI score 6.7 | EPSS 0.0006
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 6:5 a.m. | 1 views

SUSE CVE-2008-5983

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...

CVSS 6.9 | AI score 7.5 | EPSS 0.00118
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 6:1 a.m. | 2 views

SUSE CVE-2009-4134

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference...

CVSS 5 | AI score 6.8 | EPSS 0.02612
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 5:54 a.m. | 2 views

SUSE CVE-2011-1015

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...

CVSS 5 | AI score 7.2 | EPSS 0.00252
Exploits 1 | References 5

SUSE CVE
added 2023/02/15 4:19 a.m. | 1 views

SUSE CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on...

CVSS 5.3 | AI score 9.1 | EPSS 0.26492
Exploits 1 | References 31

OSV
added 2022/12/14 9:15 a.m. | 0 views

USN-5777-2 pillow-python2 vulnerabilities

USN-5777-1 fixed vulnerabilities in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains...

CVSS 9.1 | AI score 7 | EPSS 0.02197
Exploits 0 | References 3

OSV
added 2022/11/23 9:25 p.m. | 3 views

CLSA-2022-1669238752 python2: Fix of CVE-2022-45061

CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.2.5...

CVSS 7.5 | AI score 6.8 | EPSS 0.0013
Exploits 1 | References 1

OSV
added 2022/07/20 8:9 p.m. | 1 views

CLSA-2022-1658347744 Fixed CVE-2015-20107 in python2-7.module_el8.5.0+2070+77770ab7.tuxcare.els2

CVE-2015-20107: mailcap: findmatch function does not sanitise the second argument allowing to inject shell commands...

CVSS 8 | AI score 6.9 | EPSS 0.0087
Exploits 1 | References 1

OSV
added 2022/06/06 2:32 p.m. | 1 views

CLSA-2022-1654525948 Fixed CVEs in python2-pip-18.module_el8.4.0+2051+0b56c8de: CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-4189

CVE-2021-3733: urllib: Regular expression DoS in AbstractBasicAuthHandler rhbz2047376 - CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2047376 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2047376 - CVE-2022-0391: urllib.parse...

CVSS 7.5 | AI score 6.8 | EPSS 0.01214
Exploits 3 | References 1

OSV
added 2022/02/08 12:17 p.m. | 0 views

USN-4754-5 python2.7 vulnerability

USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain inputs. A...

CVSS 9.8 | AI score 7.1 | EPSS 0.00072
Exploits 1 | References 2

Gitee
added 2021/09/11 3:12 a.m. | 8 views

Exploit for CVE-2020-1938

This is a proof-of-concept (PoC) exploit for CVE-2020-1938, a vulnerability in Apache Tomcat's AJP protocol. The exploit is written in Python and utilizes the ajpy library to interact with the AJP protocol. The exploit targets the Local File Inclusion (LFI) vulnerability in Tomcat, allowing an attack...

CVSS 9.8 | AI score 7.3 | EPSS 0.94469
Exploits 44

Gitee
added 2021/08/22 7:39 p.m. | 3 views

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite. It is developed by the Knownsec 404 Team and supports Python 2.6+. The framework comes with a powerful proof-of-concept engine and many niche features for penetration testers a...

AI score 7.1
Exploits 0

OSV
added 2021/06/23 12:34 p.m. | 7 views

OPENSUSE-SU-2021:0899-1 Security update for salt

This update for salt fixes the following issues: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - virt module updates network: handle missing ipv4...

CVSS 9.8 | AI score 8 | EPSS 0.94234
Exploits 28 | References 18