Download
| Alert*
|
oval:org.secpod.oval:def:71312
The host is installed with Python 2.0.x through 2.7.17, 3.0.x before 3.5.10, 3.6 before 3.6.11, 3.7 through 3.7.8 or 3.8 before 3.8.3 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle a url parameter. Successful exploitation allows C ... oval:org.secpod.oval:def:1601187 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injec ... oval:org.secpod.oval:def:1601182 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injec ... oval:org.secpod.oval:def:70205 python3.8: Interactive high-level object-oriented language Details: USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Linux Mint 20.x LTS. Original advisory Several security issues were fixed in Python. oval:org.secpod.oval:def:70193 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:89044050 This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator . oval:org.secpod.oval:def:89050327 This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised . - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . oval:org.secpod.oval:def:1601177 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking oval:org.secpod.oval:def:118402 Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:89000075 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed t ... oval:org.secpod.oval:def:89000307 This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised . - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2020-8492: Fixed a regular expre ... oval:org.secpod.oval:def:705439 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:705460 python3.8: Interactive high-level object-oriented language Details: USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory Several security issues were fixed in Python. oval:org.secpod.oval:def:89000504 This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised . oval:org.secpod.oval:def:89000446 This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen - CVE-2019-20916: Fixed a directory traversal in _download_http_url . - CVE-2020-27619: Fixed an issue where the CJK codec tests call eval on content retrieve ... oval:org.secpod.oval:def:504947 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:89048004 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. The following non-security bug was fixed: - Fixed a crash in the garbage co ... oval:org.secpod.oval:def:3300960 SUSE Security Update: Security update for python3 oval:org.secpod.oval:def:1601134 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname ... oval:org.secpod.oval:def:117376 Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:117277 Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:117271 Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:89047169 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... oval:org.secpod.oval:def:89000524 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... oval:org.secpod.oval:def:504961 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:2106070 Oracle Solaris 11 - ( CVE-2019-18348 ) |
