263 matches found
Alibaba Cloud Linux 3 : 0080: python3 (ALINUX3-SA-2021:0080)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0080 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-10160: A security regression of...
Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0261 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-11236: In the urllib3 library...
RockyLinux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:5962)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5962 advisory. python: incorrect IPv4 and IPv6 private ranges CVE-2024-4032 pypa/setuptools: Remote code execution via download functions in the packageindex module in...
USN-7488-1: Python vulnerabilities
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...
USN-7488-1 python vulnerabilities
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.10 : Python vulnerabilities (USN-7488-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7488-1 advisory. It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker coul...
Amazon Linux AMI : python26 (ALAS-2025-1972)
The version of python26 installed on the remote host is prior to 2.6.9-2.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1972 advisory. A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g...
K000151007: Multiple Python vulnerabilities
Security Advisory Description CVE-2019-13404 The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. This also affects old 3.x releases before 3.5. NOTE: the vendor's position is that it is th...
Amazon Linux 2 : python (ALAS-2025-2816)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2816 advisory. Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows...
Amazon Linux 2 : python3 (ALAS-2025-2815)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2815 advisory. Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Python
Summary Multiple vulnerabilities in Python that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-9287 DESCRIPTION: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not...
Amazon Linux 2 : python (ALAS-2025-2797)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2797 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-900)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-900 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potential...
Medium: python3.9
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...
USN-7348-2: Python regression
USN-7348-1 fixed vulnerabilities in Python. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were...
python3.9:3.9.21 security update
An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language...
Ubuntu: Security Advisory (USN-7348-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-7348-1: Python vulnerabilities
It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu...
Ubuntu 14.04 LTS / 16.04 LTS / 20.04 LTS : Python vulnerabilities (USN-7348-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7348-1 advisory. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered...
Medium: python3.11
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means...