614 matches found
Ubuntu 20.04 LTS : Python vulnerability (USN-4973-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4973-1 advisory. It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variet...
Hiding vulnerabilities in python3
Vulnerabilities have been fixed in python3. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial of Service (DoS); circumvention of security measures; remote code execution; user rights. Red Hat: Red Hat has made updates available...
accuinsight (>=1.0.47 <=1.0.61), adapt-diagnostics (=1.2.0) +170 more potentially affected by CVE-2021-29587 via tensorflow (>=2.2.0 <=2.3.0)
tensorflow PYPI version =2.2.0, =1.0.47, =0.1.0, =0.10.0, =0.5.0, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29587 Source advisory: OSV:PYSEC-2021-224...
abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +91 more potentially affected by CVE-2021-29581 via tensorflow (>=2.4.0 <=2.4.1)
tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29581 Source advisory: OSV:PYSEC-2021-218...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29562 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29562 Source advisory: OSV:PYSEC-2021-490...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29614 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29614 Source advisory: OSV:PYSEC-2021-542...
CVE-2021-29921
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. In some situations this allows attackers to bypass access control that is based on IP addresses...
Security Bulletin: Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492)
Summary: A vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492). Vulnerability Details: CVEID: CVE-2020-8492. DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending ...
mc4ep-lavender (>=0.8.0 <=0.17.0), muses-lpdp (>=0.2.2 <=0.4.0rc1590080566) +2 more potentially affected by CVE-2021-30459 via django-debug-toolbar (>=2.1.0 <=2.2.0)
django-debug-toolbar PYPI version =2.1.0, =0.8.0, =0.2.2, =0.1.2, =0.1.6 Source cves: CVE-2021-30459 Source advisory: OSV:PYSEC-2021-10...
PT-2021-6846
Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The issue is related to the FTP client library in Python, specifically in PASV (passive) mode, where the library trusts the host from the PASV response by default. This allows an attacker to set...
USN-4754-4: Python 2.7 vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-26116
Summary: IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-26116. Vulnerability Details: CVEID: CVE-2020-26116. DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the...
USN-4754-4 python2.7 vulnerability
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled...
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-25659)
Summary: IBM Cloud Private is vulnerable to a Python vulnerability. Vulnerability Details: CVEID: CVE-2020-25659. DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the...
PT-2021-2441
Name of the Vulnerable Software and Affected Versions: Python versions 3.x through 3.9.1. Description: The issue is related to a buffer overflow in the PyCArg_repr function in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbe...
SUSE-SU-2020:3765-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262, CVE-2019-20916)...
OPENSUSE-SU-2020:2211-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262, CVE-2019-20916). This update was imported from the SUSE:SLE-15:Update update project...
OPENSUSE-SU-2020:2189-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262, CVE-2019-20916). This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2020:3597-1 Security update for python
This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262, CVE-2019-20916)...
Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft Windows File Systems agent (CVE-2020-15801)
Summary: There is a vulnerability in Python that could allow a local attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent. Vulnerability Details: CVEID: CVE-2020-15801. DESCRIPTION: Python could allow a...