614 matches found

OpenVAS
added 2025/02/04 12:0 a.m. | 8 views

Python Improper Input Validation Vulnerability (Jan 2025) - Linux

Python is prone to an improper input validation vulnerability in the urllib.parse.urlsplit and urlparse standard functions...

CVSS 6.3 | AI score 6.8 | EPSS 0.01639
Exploits: 0 | References: 10

Tenable Nessus
added 2025/02/04 12:0 a.m. | 17 views

Amazon Linux 2 : python (ALAS-2025-2744)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2744 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols() which is an invalid value for the...

CVSS 9.1 | AI score 7.3 | EPSS 0.06873
Exploits: 1 | References: 4

CNNVD
added 2025/01/31 12:0 a.m. | 1 views

Python Security Vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python that stems from square brackets being used only as a separator to specif...

CVSS 6.3 | AI score 6.7 | EPSS 0.01639
Exploits: 0 | References: 7

NVD
added 2025/01/29 9:15 p.m. | 4 views

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

CVSS 7.8 | EPSS 0.0013
Exploits: 0 | References: 2

GitHub Security Blog
added 2025/01/29 8:50 p.m. | 8 views

snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache

Issue: Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue...

CVSS 7.8 | AI score 6.8 | EPSS 0.0013
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2025/01/29 8:30 p.m. | 8 views

CVE-2025-24795 The Snowflake Connector for Python uses insecure cache files permissions

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...

CVSS 4.4 | EPSS 0.00141
Exploits: 0 | References: 2

Vulnrichment
added 2025/01/29 8:25 p.m. | 7 views

CVE-2025-24794 The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

CVSS 6.7 | AI score 6.4 | EPSS 0.0013
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/21 12:0 a.m. | 11 views

Ubuntu 20.04 LTS / 22.04 LTS : Python vulnerability (USN-7218-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7218-1 advisory. It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side...

CVSS 6.3 | AI score 6.6 | EPSS 0.00552
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/21 12:0 a.m. | 6 views

Ubuntu 24.04 LTS / 24.10 : Python vulnerability (USN-7219-1)

The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7219-1 advisory. It was discovered that Python incorrectly handled asyncio write buffers. A remote attacker could possibly use this issue to cause Python to consume memory...

CVSS 8.7 | AI score 7.8 | EPSS 0.00249
Exploits: 0 | References: 2

OpenVAS
added 2025/01/21 12:0 a.m. | 9 views

Ubuntu: Security Advisory (USN-7218-1)

The remote host is missing an update for the...

CVSS 6.3 | AI score 7.1 | EPSS 0.00552
Exploits: 0 | References: 2

Ubuntu
added 2025/01/20 3:13 p.m. | 150 views

USN-7219-1: Python vulnerability

It was discovered that Python incorrectly handled asyncio write buffers. A remote attacker could possibly use this issue to cause Python to consume memory, leading to a denial of service...

CVSS 8.7 | AI score 7.6 | EPSS 0.00249
Exploits: 0

Ubuntu
added 2025/01/20 3:6 p.m. | 159 views

USN-7218-1: Python vulnerability

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3 | AI score 6.8 | EPSS 0.00552
Exploits: 0

OSV
added 2025/01/20 3:6 p.m. | 0 views

USN-7218-1 python3.10, python3.8 vulnerability

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3 | AI score 6.7 | EPSS 0.00552
Exploits: 0 | References: 2

OSV
added 2025/01/17 3:9 p.m. | 15 views

BIT-PYTHON-MIN-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is...

CVSS 9.8 | AI score 9.4 | EPSS 0.00072
Exploits: 1 | References: 29

OSV
added 2025/01/17 3:8 p.m. | 17 views

BIT-PYTHON-MIN-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5 | AI score 7.8 | EPSS 0.0013
Exploits: 1 | References: 38

OSV
added 2025/01/16 1:53 p.m. | 1 views

USN-7212-1 python2.7 vulnerabilities

It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain inputs. If a user or an automated system...

CVSS 7.5 | AI score 6.7 | EPSS 0.01416
Exploits: 1 | References: 4

OSV
added 2025/01/16 7:23 a.m. | 11 views

BIT-PYTHON-MIN-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

CVSS 5.9 | AI score 7.7 | EPSS 0.003
Exploits: 1 | References: 38

OSV
added 2025/01/16 7:22 a.m. | 18 views

BIT-PYTHON-MIN-2022-48564

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...

CVSS 6.5 | AI score 7.2 | EPSS 0.00107
Exploits: 1 | References: 4

OSV
added 2025/01/16 7:21 a.m. | 7 views

BIT-PYTHON-MIN-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

CVSS 7.5 | AI score 7.9 | EPSS 0.01445
Exploits: 3 | References: 30

vulnersOsv
added 2025/01/14 4:0 p.m. | 0 views

rasa-contrib (>=0.2.0 <=0.3.1) potentially affected by CVE-2024-49375 via rasa (=3.6.20)

rasa PyPI version =3.6.20 is affected by a known vulnerability. The following packages have a transitive dependency on rasa and may be impacted: - rasa-contrib >=0.2.0, <=0.3.1 Source cves: CVE-2024-49375 Source advisory: SNYK:PYTHON-RASA-8623604...

CVSS 9 | AI score 5.8 | EPSS 0.03346
Exploits: 0