Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6400-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6400-1 advisory. It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to...
Important: python38
Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...
PSF-2023-5 XML External Entity issue in plistlib module
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
CVE-2022-48560
A use-after-free exists in Python through 3.9 via heappushpop in heapq...
DEBIAN-CVE-2022-48560
A use-after-free exists in Python through 3.9 via heappushpop in heapq...
Python Resource Management Error Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the fact that read_ints in plistlib.py is...
Python Code Issue Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the presence of an XML external entity issue...
AIX is affected by security restrictions bypass due to Python
IBM SECURITY ADVISORY First Issued: Fri Aug 18 09:49:04 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory5.asc Security Bulletin: AIX is affected by security restrictions bypass CVE-2023-24329 due to Python...
CVE-2023-38898
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in whi...
CVE-2023-38898
CVE-2023-38898 involves CPython’s asyncio._swap_current_task in Python 3.7 and could allow an attacker to obtain sensitive information. The vendor disputes that 3.7 (or any release) is affected and notes no common exploit scenarios; multiple OSV entries and vendor advisories corroborate the claim...
PYSEC-2023-112
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
PT-2023-9652 · Python +6 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions 3.11 through 3.11.4 Description: The issue is related to the os.path.normpath function, which truncates a path unexpectedly at the first '\0' byte if such bytes are present in the path. This could lead to security issues, as...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID:CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inpu...
CVE-2023-33595
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c...
PT-2023-24400 · Python · Cpython
Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 alpha 7 Description: A heap use-after-free issue was discovered via the function ascii_decode at /Objects/unicodeobject.c. Recommendations: For CPython version 3.12.0 alpha 7, consider disabling the ascii decode functio...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Python vulnerability (USN-6139-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6139-1 advisory. Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass...
Fedora 37 : python3.11 (2023-63c69aa712)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-63c69aa712 advisory. Fix for CVE-2023-24329 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
AlmaLinux 8 : python27:2.7 (ALSA-2023:2860)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2860 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...
python: CPU denial of service via inefficient IDNA decoder
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...