2722 matches found
Security fix for the ALT Linux 10 package python3 version 3.9.16-alt1
3.9.16-alt1 built March 27, 2023 Grigory Ustinov in task 317117 March 21, 2023 Grigory Ustinov - Updated to upstream version 3.9.16 Closes: 45598 Fixes: CVE-2022-37454...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-1577)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-1587)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This...
Bitbucket 7.0.0 Remote Command Execution
Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and Ubuntu LTS 22.04 CVE: CVE-2022-36804 The following exploit is used to exploit a vulnerability present in Atlassian Bitbucket Server and Data Center 7.0.0...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1587)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2023-146)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-146 advisory. An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 An issue was discovered in Pillow before 8.1.1. In...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2023:0868-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0868-1 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting...
Critical Photon OS Security Update - PHSA-2023-3.0-0556
Updates of 'python3' packages of Photon OS have been released...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1577)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2023:0868-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to...
Amazon Linux 2 : python3 (ALAS-2023-1990)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1990 advisory. An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ibexa Ezplatform-Graphql
CVE-2022-41876 - eZ Platform user information disclosure A vu...
Amazon Linux 2023 : python3-subversion, subversion, subversion-devel (ALAS2023-2023-011)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-011 advisory. A flaw was found in Subversion. When using path-based authorization (authz), the helper function detectchanged does not omit potentially sensitive information from log messages. In particular, if...
Amazon Linux 2023 : python3-bottle (ALAS2023-2023-082)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-082 advisory. Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. CVE-2022-3179 Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799 Tenable has...
Amazon Linux 2023 : python3-lxml (ALAS2023-2023-034)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-034 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2023-104)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-104 advisory. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2023-057)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-057 advisory. A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacke...
Amazon Linux 2023 : python3-certifi (ALAS2023-2023-062)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-062 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResourc...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-056)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-056 advisory. A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these...