
614 matches found

IBM Security Bulletins
added 2024/08/08 3:5 p.m., 29 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to python (CVE-2022-45061)

Summary: Python is used by IBM Cloud Pak for Data. CVE-2022-45061. Vulnerability Details: CVEID: CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. By sendi...

CVSS 7.5, AI score 7.5, EPSS 0.0013
Exploits: 1, Affected Software: 1

NVD
added 2024/07/02 3:15 p.m., 27 views

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVSS 8.4, EPSS 0.00764
Exploits: 1, References: 1

CNNVD
added 2024/06/27 12:0 a.m., 1 view

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9 and earlier versions, which stems from the use of NPN that can lead ...

CVSS 9.1, AI score 7, EPSS 0.06873
Exploits: 1, References: 7

OpenVAS
added 2024/05/24 12:0 a.m., 19 views

openSUSE Security Advisory (SUSE-SU-2024:1639-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 5.3, EPSS 0.01488
Exploits: 0, References: 16

RedHat Linux
added 2024/05/22 10:20 a.m., 0 views

python: use after free in heappushpop() of heapq module

A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack...

CVSS 7.5, AI score 7.2, EPSS 0.00202
Exploits: 1, References: 6

Tenable Nessus
added 2024/05/21 12:0 a.m., 32 views

F5 Networks BIG-IP : Python vulnerability (K000139685)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139685 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11....

CVSS 5.3, AI score 6.2, EPSS 0.00581
Exploits: 0, References: 2

CNNVD
added 2024/03/19 12:0 a.m., 1 view

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and earlier versions, which...

CVSS 7.8, AI score 6.8, EPSS 0.00077
Exploits: 0, References: 16

Cloud Foundry
added 2024/03/18 12:0 a.m., 41 views

USN-6513-2: Python vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Pytho...

CVSS 6.5, AI score 6.8, EPSS 0.00581
Exploits: 1, Affected Software: 3

Tenable Nessus
added 2024/03/07 12:0 a.m., 31 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2024:0785-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0785-1 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primari...

CVSS 7.8, AI score 6.9, EPSS 0.00581
Exploits: 0, References: 7

Tenable Nessus
added 2024/02/29 12:0 a.m., 32 views

CentOS 9 : python3.11-pip-22.3.1-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.11-pip-22.3.1-4.el9 build changelog. - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote...

CVSS 9.8, AI score 7.8, EPSS 0.89361
Exploits: 4, References: 2

Tenable Nessus
added 2024/02/23 12:0 a.m., 18 views

SUSE SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2024:0595-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0595-1 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong...

CVSS 5.3, AI score 7.1, EPSS 0.00161
Exploits: 1, References: 4

Tenable Nessus
added 2024/02/09 12:0 a.m., 36 views

SUSE SLES12 Security Update : python36 (SUSE-SU-2024:0436-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0436-1 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an...

CVSS 5.3, AI score 7.1, EPSS 0.00161
Exploits: 1, References: 4

Tenable Nessus
added 2024/02/08 12:0 a.m., 23 views

CentOS 8 : python3 (CESA-2023:5997)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

CVSS 5.3, AI score 7.1, EPSS 0.00581
Exploits: 0, References: 2

Tenable Nessus
added 2024/02/06 12:0 a.m., 11 views

openSUSE 15 Security Update : python (SUSE-SU-2024:0329-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0329-1 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...

CVSS 5.3, AI score 7, EPSS 0.00161
Exploits: 1, References: 4

RedHat Linux
added 2024/01/25 8:3 a.m., 0 views

python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

CVSS 7.5, AI score 6.7, EPSS 0.00384
Exploits: 0, References: 5

Tenable Nessus
added 2024/01/16 12:0 a.m., 34 views

Rocky Linux 8 : python3 (RLSA-2024:0256)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0256 advisory. - The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...

CVSS 5.3, AI score 7.1, EPSS 0.00161
Exploits: 1, References: 3

RedHat Linux
added 2024/01/10 12:12 p.m., 1 view

python: use after free in heappushpop() of heapq module

A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack...

CVSS 7.5, AI score 6.7, EPSS 0.00202
Exploits: 1, References: 6

Positive Technologies
added 2024/01/09 12:0 a.m., 1 view

PT-2024-19011 · Hyperledger · Hyperledger Aries Cloud Agent Python

Name of the Vulnerable Software and Affected Versions: Hyperledger Aries Cloud Agent Python (ACA-Py) versions 0.7.0 through 0.10.4. Description: The issue arises when verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs). The result of verifying the presentation...

CVSS 9.9, AI score 8.8, EPSS 0.00136
Exploits: 1, References: 12

Tenable Nessus
added 2023/12/22 12:0 a.m., 27 views

CentOS 7 : python3 (RHSA-2023:6823)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6823 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

CVSS 5.3, AI score 7.1, EPSS 0.00581
Exploits: 0, References: 2

Tenable Nessus
added 2023/12/11 12:0 a.m., 50 views

Ubuntu 23.04 : Python vulnerability (USN-6547-1)

The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6547-1 advisory. - It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks...

CVSS 7.5, AI score 8.2, EPSS 0.00334
Exploits: 0, References: 2