57405 matches found
Important: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
vulnscan
VulnScan — Automatic Vulnerability Scanner Kali Linux Edit...
Astra Linux - уязвимость в python2.7, python3.11, python3.7
When constructing nested elements using XMLDom.minidom methods like appendChild, which rely on clearidcache, the algorithm has a quadratic complexity. This can affect the availability of documents when they are constructed with excessively nested structures...
Astra Linux - уязвимость в python-jwcrypto
JWCrypto implements the JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker could cause a denial-of-service attack by passing in a malicious JWE Token with a high compression ratio. When the server processed this token, it would consume a lot of memory...
Astra Linux - уязвимость в python3.11, python2.7, python3.7, pypy
The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...
Astra Linux - уязвимость в python-urllib3
The urllib3 library before version 1.24.2 in Python mishandles certain cases where the desired set of CA certificates differs from the CA certificates stored in the operating system’s store. As a result, SSL connections succeed in situations where a verification failure would be the correct...
Astra Linux - уязвимость в python3.11
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...
Astra Linux - уязвимость в python-psutil
psutil also known as python-psutil from version 5.6.5 onwards may have a double-free issue. This issue occurs due to improper handling of reference counts within a while loop or for loop, which converts system data into a Python object...
Astra Linux - уязвимость в python3.11, python3.7
The imaplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux - уязвимость в python2.7, pypy
In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...
Astra Linux - уязвимость в python3.7
A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...
Astra Linux - уязвимость в python-urllib3
urllib3 is a user-friendly HTTP client library for Python. urllib3 does not treat the Cookie HTTP header specially or provides any helpers for managing cookies over HTTP; that responsibility lies with the user. However, it is possible for a user to specify a Cookie header, and information may be...
Astra Linux - уязвимость в pypy, jython
The documentation XML-RPC server in Python, from versions 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4, has XSS vulnerabilities due to the servertitle field. This issue occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If the setservertitle function ...
Astra Linux - уязвимость в python3.7
The readints function in plistlib.py in Python from version 3.9.1 is vulnerable to a potential Distributed Denial-of-Service DoS attack due to CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...
Astra Linux - уязвимость в python-cryptography
In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...
Astra Linux - уязвимость в lxml
A XSS vulnerability was discovered in the python-lxml’s clean module versions prior to 4.6.3. When the “safe attrsonly” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit th...
Astra Linux - уязвимость в pypy
A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...
Astra Linux - уязвимость в python-urllib3
urllib3 before version 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
Astra Linux - уязвимость в python2.7, python3.7, pypy
A XXE issue was discovered in Python through version 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to prevent XML vulnerabilities...