614 matches found

Positive Technologies
added 2023/05/02 12:0 a.m. · 1 views

PT-2023-35806 · Python · Python

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The issue is related to a heap buffer overflow error. Technical details about the error include the crash type being a Heap-buffer-overflow WRITE 1. The crash state involves several function...

7.4 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/04/25 12:0 a.m. · 1 views

PT-2023-35796 · Python · Python

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The issue is related to a heap buffer overflow error. Technical details about the error include the crash type being a Heap-buffer-overflow WRITE 1. The crash state involves several function...

7.4 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/04/22 12:0 a.m. · 1 views

PT-2023-35789 · Python · Python

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The issue is related to a heap-buffer-overflow read error. It occurs in the unicode decode utf8 function, which is called by PyUnicode DecodeUTF8 and PyPegen formatted value. Recommendations...

6.7 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/04/18 12:0 a.m. · 2 views

PT-2023-4573

Name of the Vulnerable Software and Affected Versions: Python versions 0 through 2.7.18; Python versions 3.x through 3.11.3. Description: The email module of Python incorrectly parses e-mail addresses that contain a special character, allowing attackers to bypass protection mechanisms. This can be...

5.3 CVSS · 6.8 AI score · 0.00161 EPSS
Exploits 1 · References 390

CNNVD
added 2023/04/18 12:0 a.m. · 2 views

Python input validation error vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An input validation error vulnerability exists in Python versions prior to 2.7.18, and versions 3.x through 3.11,...

5.3 CVSS · 6.9 AI score · 0.00161 EPSS
Exploits 1 · References 11

Tenable Nessus
added 2023/04/06 12:0 a.m. · 46 views

Rocky Linux 9 : python3.9 (RLSA-2023:0953)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0953 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder...

7.5 CVSS · 7.1 AI score · 0.0013 EPSS
Exploits 1 · References 3

IBM Security Bulletins
added 2023/03/23 6:6 p.m. · 37 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to a bypass vulnerability due to the use of Python (CVE-2023-24329)

Summary: A publicly disclosed vulnerability in Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-24329). Vulnerability Details: CVEID: CVE-2023-24329. DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse...

7.5 CVSS · 7.5 AI score · 0.01445 EPSS
Exploits 3 · Affected Software 1

Cloud Foundry
added 2023/03/23 12:0 a.m. · 39 views

USN-5767-3: Python vulnerability | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. A...

9.8 CVSS · 10 AI score · 0.014 EPSS
Exploits 1 · Affected Software 3

vulnersOsv
added 2023/03/21 10:31 p.m. · 0 views

1a23-telemetry (=1.0.0), abdelrahman-obfuscate (>=1.0.0 <=1.0.1) +199 more potentially affected by CVE-2023-28117 via sentry-sdk (>=0.10.0 <=1.13.0)

sentry-sdk PYPI version =0.10.0, =1.0.0, =2.0.0, =0.0.1.dev0, =0.1.1, =3.1.4, =0.6.2, =0.2.8, =2.5.7, =2.85.0 - apirunner =1.1.0 - apis-bibsonomy =0.2.3 and more Source cves: CVE-2023-28117 Source advisory: OSV:GHSA-29PR-6JR8-Q5JM...

7.6 CVSS · 6.8 AI score · 0.00398 EPSS
Exploits 0

Tenable Nessus
added 2023/03/10 12:0 a.m. · 52 views

SUSE SLES12 Security Update : python (SUSE-SU-2022:2249-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2249-1 advisory. - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file...

8 CVSS · 7.4 AI score · 0.0087 EPSS
Exploits 1 · References 4

OSV
added 2023/03/07 12:14 p.m. · 1 views

USN-5931-1 python3.8 vulnerability

It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-37454...

9.8 CVSS · 6.8 AI score · 0.014 EPSS
Exploits 1 · References 2

Ubuntu
added 2023/03/07 12:12 p.m. · 96 views

USN-5930-1: Python vulnerability

It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-37454...

9.8 CVSS · 7.4 AI score · 0.014 EPSS
Exploits 1

OSV
added 2023/03/06 12:53 p.m. · 0 views

USN-5767-3 python3.6 vulnerability

USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8 CVSS · 7 AI score · 0.014 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2023/03/06 12:0 a.m. · 84 views

Ubuntu 18.04 LTS : Python vulnerability (USN-5767-3)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5767-3 advisory. USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Tenable has extracted the preceding description block directly fro...

9.8 CVSS · 7.3 AI score · 0.014 EPSS
Exploits 1 · References 2

F5 Networks
added 2023/02/21 6:35 p.m. · 51 views

K11068141: Python vulnerability CVE-2014-9365

Security Advisory Description: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches...

5.8 CVSS · 7.4 AI score · 0.02758 EPSS
Exploits 1 · Affected Software 18

OSV
added 2023/02/17 3:15 p.m. · 1 views

DEBIAN-CVE-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

7.5 CVSS · 7.5 AI score · 0.01445 EPSS
Exploits 3 · References 1

Vulnrichment
added 2023/02/17 12:0 a.m. · 3 views

CVE-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

7.1 AI score · 0.01445 EPSS
Exploits 3 · References 27

SUSE CVE
added 2023/02/15 6:15 a.m. · 1 views

SUSE CVE-2006-1542

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...

3.7 CVSS · 6.9 AI score · 0.00206 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 6:10 a.m. · 1 views

SUSE CVE-2007-4965

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors...

5.8 CVSS · 7 AI score · 0.05028 EPSS
Exploits 1 · References 6

SUSE CVE
added 2023/02/15 6:8 a.m. · 1 views

SUSE CVE-2008-1679

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965...

6.8 CVSS · 8 AI score · 0.00447 EPSS
Exploits 0 · References 5