SUSE CVE-2008-1887

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyStringFromStringAndSize function, which allocates less memory than expected when assert is disabled and triggers a buffer overflow...

SUSE CVE-2011-4944

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

SUSE CVE-2013-7440

The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...

SUSE CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation...

SUSE CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

SUSE CVE-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

SUSE CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

AZL-35127 CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2020-10735)

Summary IBM Security SOAR uses an older version of Python that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 47.2 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2020-10735 DESCRIPTION: Python is...

Trellix Advanced Research Center patches 61,000 vulnerable open-source projects

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...

Important: python3

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

USN-5767-2 python2.7, python3.5 vulnerability

USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive...

Ubuntu 16.04 ESM : Python vulnerability (USN-5767-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5767-2 advisory. USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID:CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-craft...

chthonian

This is a Python-based local vulnerability scanning framework called Chthonian. It is designed to detect vulnerabilities in openKylin and uses a coroutine-based approach to increase detection speed. The framework has a fuzzing feature that can automatically discover vulnerabilities, detect securi...

Oracle Linux 8 : python39:3.9 (ELSA-2022-8492)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8492 advisory. - Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non- default configuration. The Python multiprocessing...

Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)

Summary A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-0391 Vulnerability Details CVEID:CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, cause by a improper input validation by the...

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2022:7592)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7592 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2022:7581)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7581 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107 Tenable has extracted the preceding description block directly from the...

UBUNTU-CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...