614 matches found
CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
Ubuntu 22.04 LTS : Python vulnerability (USN-5713-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5713-1 advisory. Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue...
AIX is affected by arbitrary code execution and denial of service due to Python
IBM SECURITY ADVISORY First Issued: Tue Nov 1 10:11:15 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/pythonadvisory2.asc https://aix.software.ibm.com/aix/efixes/security/pythonadvisory2.asc...
SUSE SLES15 Security Update : python (SUSE-SU-2022:3512-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3512-2 advisory. - DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at th...
CVE-2022-42969
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...
Ubuntu 16.04 ESM : Python vulnerability (USN-5629-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5629-1 advisory. It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic. Tenable has...
PT-2022-4709
Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: A flaw was found in Python related to errors in converting data types between int and str. This issue is associated with algorithms that have quadratic time complexity and use non-binary bases...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.17.1)
The version of AOS installed on the remote host is prior to 5.17.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.17.1 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat trea...
USN-5519-1: Python vulnerability | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run sudo ua fix USN-5519-1 t...
USN-5342-2 python2.7 vulnerabilities
USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this iss...
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...
Python input validation error vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An input validation error vulnerability exists in Python 3.x series versions prior to 3.10, which stems from an op...
Intel Distribution for Python code issue vulnerability
Intel Distribution for Python is a Python distribution from Intel Corporation optimized for Intel hardware. A security vulnerability exists in Intel Distribution for Python versions prior to 2022.0.3. An attacker exploited the vulnerability to escalate privileges...
USN-5519-1 python2.7, python3.10, python3.4, python3.5, python3.6, python3.8, python3.9 vulnerability
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2022:2344-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2344-1 advisory. - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the...
Simple-RAT path traversal vulnerability
Simple-RAT is a Simple Remote Access Trojan written in Python by Sergei Personal Developers. A security vulnerability exists in versions of Simple-RAT prior to 2022-05-03, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...
SUSE-SU-2022:2344-1 Security update for python
This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511)...
python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...
DR-Web-Engine security vulnerability
DR-Web-Engine is built on python based on the lxml package and uses JSON as the query structure. A security vulnerability exists in DR-Web-Engine. An attacker could exploit the vulnerability to access sensitive user information and digital currency keys, as well as elevate privileges...
USN-5342-3 python3.7 vulnerability
USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Original advisory details: David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...