614 matches found
LibreOffice Remote Code Execution (CVE-2019-9848)
A remote code execution vulnerability exists in LibreOffice. The vulnerability is due to the document event feature being permitted to execute LibreLogo scripts, which permits the execution of Python code. A remote attacker could exploit the vulnerability by enticing a user to open a specially...
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
DEBIAN-CVE-2019-9674
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2020-0002)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by a vulnerability: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Vulnerability (NS-SA-2019-0260)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by a vulnerability: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
python: Cookie domain check returns incorrect results
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...
python: NULL pointer dereference using a specially crafted X509 certificate
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if the application enables SSL/TLS certificate validation and accep...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Python security vulnerability (CVE-2019-10160)
Summary IBM Cloud Kubernetes Service is vulnerable to CVE-2019-10160 Python security vulnerability which could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. Vulnerability Details CVE-ID: CVE-2019-10160 Description: Python...
Python urllib2 and urllib injection vulnerabilities
Python is an open source, object-oriented programming language from the Python Software Foundation. The language has features such as extensibility, support for modules and packages, and support for multiple platforms. urllib is one of the modules used to handle URLs. urllib2 is one of the module...
USN-4151-1 python2.7, python3.5, python3.6, python3.7 vulnerabilities
It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. CVE-2019-16056 It was discovered that the Python documentation XML-RPC server incorrectly...
MSI installer for Python code execution vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, supports multiple platforms, etc. MSI installer for Python is a Windows-based Python installer. A security vulnerability exists in MSI...
Information Disclosure
python is vulnerable to information disclosure. A regression of CVE-2019-9636 due to a functional fix to allow port numbers in netloc allows an attacker to locate confidential information such as cookies and authentication data and forward the information to a different host. python: regression o...
Python Information Disclosure Vulnerability (CNVD-2019-17319)
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An information disclosure vulnerability exists in Python. The vulnerability stems from errors such as...
UBUNTU-CVE-2019-10160
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
OPENSUSE-SU-2019:0184-1 Security update for python
This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) This update was imported from the SUSE:SLE-15:Update update project...
Python Information Disclosure Vulnerability (CNVD-2019-07926)
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python versions 2.7.x through 2.7.16 and 3.x through 3.7.2. The...
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in Python (CVE-2017-1000158)
Summary Vulnerability in Python has been addressed by IBM RackSwitch firmware products listed below. Vulnerability Details CVEID: CVE-2017-1000158 DESCRIPTION: CPython is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the PyString_DecodeEscape function in...
Python Integer Overflow Vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An integer overflow vulnerability exists in the Modules/pickle.c file in Python versions prior to 3.7.1,...