EUVD-2020-29358

Malware in sbrugna...

Python Multiple Vulnerabilities (Mar 2024) - Mac OS X

Python is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

Security update for python3 (moderate)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2021:4104-1 Rating: moderate References: 1180125 1183374 1183858 1185588 1187668 1189241 1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 NVD : 5.7...

SUSE: Security Advisory (SUSE-SU-2021:3486-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:3489-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : tauthon -- Regular Expression Denial of Service (c7855866-c511-11eb-ae1d-b42e991fc52e)

The :class:urllib.request.AbstractBasicAuthHandler class of the :mod:urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Python -- multiple vulnerabilities

Python reports: bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect calls. Patch by Erlend E. Aasland. bpo-43882: The presence of newline or tab characters in parts of a URL could allow some...

Security update for python3 (important)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2020:2333-1 Rating: important References: 1155094 1174091 1174571 1174701 1177211 1178009 1179193 1179630 Cross-References: CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-14422 CVE-2020-26116...

RHEL 8 : python38:3.8 (RHSA-2020:4641)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4641 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Moderate: python3 security and bug fix update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Moderate: Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update

An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives...

Amazon Linux 2 : python, --advisory ALAS2-2020-1432 (ALAS-2020-1432)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1432 advisory. http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain:...

Medium: python

Issue Overview: http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...

GLSA-202005-09 : Python: Denial of service

The remote host is affected by the vulnerability described in GLSA-202005-09 Python: Denial of service An issue was discovered in urllib.request.AbstractBasicAuthHandler which allowed a remote attacker to send malicious data causing extensive regular expression backtracking. Impact : An attacker...

Python: Denial of service

Background Python is an interpreted, interactive, object-oriented programming language. Description An issue was discovered in urllib.request.AbstractBasicAuthHandler which allowed a remote attacker to send malicious data causing extensive regular expression backtracking. Impact An attacker could...

EulerOS 2.0 SP8 : python2 (EulerOS-SA-2020-1295)

According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED The Waveread.readfmtchunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows...

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1296)

According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regula...

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

Code injection

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...