614 matches found
AZL-35143 CVE-2023-6507 affecting package python3 for versions less than 3.12.3-1
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (ie extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...
PT-2023-9621 · Python +2 · Cpython +2
Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 Description: The issue is related to errors in privilege management in the subprocess module of the CPython interpreter. When using the extra_groups= parameter with an empty list as a value, the logic regressed to not...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to python vulnerability (CVE-2022-40897)
Summary Python is used by IBM Cloud Pak for Data as part of the Ansible operator for installation. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID:CVE-2023-40217 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module. When the...
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker sending invalid emails. (CVE-2023-27043).
Summary There is a vulnerability in Python used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. An attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected. CVE-2020-23064. This bulletin identifies the security fixes ...
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).
Summary There is a vulnerability in Python used by IBM Robotic Process Automation as part of Watson NLP and base container images which may result in a remote attacker to bypass security restriction CVE-2023-24329. Vulnerability Details CVEID: CVE-2023-24329 DESCRIPTION: Python could allow a remo...
CVE-2023-45167
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965...
python: CPU denial of service via inefficient IDNA decoder
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...
python: TLS handshake bypass
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...
PT-2023-7210 · Ibm · Ibm Aix
Name of the Vulnerable Software and Affected Versions: IBM AIX version 7.3 Description: The issue is related to the Python implementation in IBM AIX, which could allow a non-privileged local user to cause a denial of service due to insufficient input validation. A race condition in the SSLSocket...
AlmaLinux 8 : python3 (ALSA-2023:5997)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...
AZL-59705 CVE-2023-45803 affecting package python3 for versions less than 3.9.19-14
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...
USN-6394-2 python2.7 vulnerability
USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute...
Oracle Linux 9 : python3.9 (ELSA-2023-5462)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5462 advisory. 3.9.16-1.2 - Security fix for CVE-2023-40217 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6394-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6394-2 advisory. USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
Ubuntu 18.04 ESM : Python vulnerability (USN-5342-3)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5342-3 advisory. USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Tenable has extracted the...
Security Bulletin: Vulnerability in Python affects IBM Process Mining. Multiple CVEs
Summary There is a vulnerability in Python that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-48565...
AlmaLinux 9 : python3.11 (ALSA-2023:5456)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5456 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...
USN-6139-1: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blocklisting methods. This issue was first...
SUSE SLES15 Security Update : python3 (SUSE-SU-2023:3804-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3804-1 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affect...