614 matches found
USN-5342-3: Python vulnerability
USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Original advisory details: David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...
Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)
Summary: There is a vulnerability in Python open source used by IBM Cloud Private for scripting. The vulnerability could be exploited by an attacker to conduct SSRF or local file include attacks. This bulletin identifies the security fixes to apply to address the Python vulnerability CVE-2021-2992...
EulerOS 2.0 SP5 : python (EulerOS-SA-2022-1548)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...
Python urllib.parse Vulnerability (bpo-43882) - Mac OS X
Python is prone to a vulnerability in urllib.parse.
Python Injection Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python suffers from an injection vulnerability that allows an attacker to enter a crafted URL, resulting in an...
F5 Networks BIG-IP : Python vulnerability (K28622040)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K28622040 advisory. - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it...
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request...
Python < 2.7.17, 3.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.9, 3.7.x < 3.7.3 Cookie domain check returns incorrect results (bpo-35121) - Linux
Python is prone to an improper input validation vulnerability.
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...
Python < 2.7.13, 3.4.x < 3.4.7, 3.5.x < 3.5.3 Sweet32 attack (bpo-27850) - Linux
Python is prone to a...
01os (>=0.0.3 <=0.0.14), 102218077-topsis (=0.0.1) +9952 more potentially affected by CVE-2019-5064 via opencv-python (>=3.4.10.35 <=4.1.2.30)
opencv-python PYPI version =3.4.10.35, =0.0.3, =0.0.1, =0.1.0, =0.0.2, =2.13.0, =0.1.0, =0.1.0, =0.10.0, =0.13.0 - a-cv-sift-detection =0.10.0 - a-cv2-calculate-difference =0.10.0 and more Source cves: CVE-2019-5064 Source advisory: OSV:GHSA-Q799-Q27X-VP7W...
01os (>=0.0.3 <=0.0.14), 102218077-topsis (=0.0.1) +9926 more potentially affected by CVE-2019-14493 via opencv-python (>=3.4.10.35 <=4.1.0.25)
opencv-python PYPI version =3.4.10.35, =0.0.3, =0.0.1, =0.1.0, =0.0.2, =2.13.0, =0.1.0, =0.1.0, =0.10.0, =0.13.0 - a-cv-sift-detection =0.10.0 - a-cv2-calculate-difference =0.10.0 and more Source cves: CVE-2019-14493 Source advisory: OSV:GHSA-3448-VRGH-85XR...
Quokka XML External Entity Injection Vulnerability
Quokka is a content management framework written in Python. quokka version 0.4.0 is vulnerable to XML external entity injection. A remote attacker can exploit this vulnerability to execute arbitrary code via the quokka/core/content/views.py component...
complaintclassify (=0.0.9) potentially affected by CVE-2021-37677 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-37677 Source advisory: OSV:PYSEC-2021-590...
SUSE SLES11 Security Update : python (SUSE-SU-2020:14306-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14306-1 advisory. - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...
SUSE SLES11 Security Update : python (SUSE-SU-2020:14550-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14550-1 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...
SUSE SLES11 Security Update : python (SUSE-SU-2021:14198-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14198-1 advisory. - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses...
OPENSUSE-SU-2021:0851-1 Security update for python-py
This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a Python vulnerability
Summary: There is a vulnerability in Python used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVE, CVE-2021-3177, by upgrading Python to version 3.7.10. Vulnerability Details: Refer to the security bulletins listed in the...