614 matches found
USN-4581-1: Python vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04, Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. CVEs...
python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
An uncontrolled resource consumption vulnerability was discovered in Python in the class AbstractBasicAuthHandler, due to the kind of regular expression used while handling an authentication request in the http_error_auth_reqed method. Client applications that use, directly or indirectly,...
USN-4552-2: Pam-python vulnerability
Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root...
python: CRLF injection via HTTP request method in httplib/http.client
A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat fr...
USN-4581-1: Python vulnerability
It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
PT-2020-16726
Name of the Vulnerable Software and Affected Versions: Python versions 3 through 3.9.0. Description: The issue arises from the Lib/test/multibytecodec_support.py CJK codec tests in Python, which call eval on content retrieved via HTTP. This poses a risk due to the potential for executing arbitrary...
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-14422)
Summary: IBM Cloud Private is vulnerable to a Python vulnerability. Vulnerability Details: CVEID: CVE-2020-14422. DESCRIPTION: Python is vulnerable to a denial of service, caused by improper computing hash values in the IPv4Interface and IPv6Interface classes in Lib/ipaddress.py. By sending a...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), monk-cuda100 (=0.0.1) +9 more potentially affected by CVE-2020-15205 via tensorflow-gpu (>=2.0.0 <=2.0.1)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 - monk-keras-cuda102 =0.0....
Security Bulletin: Python vulnerability in IBM Tivoli Application Dependency Discovery Manager (CVE-2019-16935)
Summary: Vulnerabilities in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details: CVEID: CVE-2019-16935. DESCRIPTION: Python is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the python/Lib/DocXMLRPCServer.p...
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.
...
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions."
...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. Among other things, the vulnerabilities allow an unauthenticated remote malicious person to cause a denial of service. Python has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Python has an unspecified vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.8.4, which stems from the program's failure to enforc...
Solaris 10 (sparc) : 143506-15
GNOME 2.6.0: Python patch. Date this patch was last updated by Sun: Jul/13/20. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(138422); script_version("1.1");...
CVE-2013-7489
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
Python Resource Management Error Vulnerability (CNVD-2020-52841)
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in the IPv4Interface and IPv6Interface of the Lib/ipaddress.py file in...
Arbitrary Code Execution
Python is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow and possible arbitrary code execution...
Denial Of Service (DoS)
Python is vulnerable to denial of service. Multiple integer underflow and overflow flaws were found in the Python snprintf wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption)...
svglib package for Python code issue vulnerability
The svglib package for Python is a Python library for reading and converting SVG files. A code issue vulnerability exists in the svglib package for Python, version 0.9.3 and earlier, which can be exploited by an attacker to conduct an XXE attack via a svg2rlg call...