Download
| Alert*
|
oval:org.secpod.oval:def:504856
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:66840 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix: * numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution * ... oval:org.secpod.oval:def:504402 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix: * numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution * ... oval:org.secpod.oval:def:1505300 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500000 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. oval:org.secpod.oval:def:1601032 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. Python 2.7.x and 3.x are affected ... oval:org.secpod.oval:def:1601077 A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authenticat ... oval:org.secpod.oval:def:89050673 This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter . Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optim ... oval:org.secpod.oval:def:89000055 This update for python36 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk . - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs . - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat . oval:org.secpod.oval:def:205342 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1601016 Python 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate ... oval:org.secpod.oval:def:504974 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:2104639 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lac ... oval:org.secpod.oval:def:89050906 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. - CVE-2019-16056: Fixed a parser issue in the email module. - CVE-2019-16 ... oval:org.secpod.oval:def:1504246 [3.6.8-15.1.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-15.1] - Patch 329 modified: Added workaround for mod_ssl: Skip error checking in _Py_hashlib_fips_error Resolves: rhbz#1760106 [3.6.8-15] - Patch 329 that adds support for OpenSSL FIPS mode has been improved a ... oval:org.secpod.oval:def:58426 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:1700194 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This is similar to the CVE-2019-97 ... oval:org.secpod.oval:def:1504408 [2.7.5-86.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-86] - Security fix for CVE-2019-10160 Resolves: rhbz#1718388 [2.7.5-85] - Security fix for CVE-2019-9948 Resolves: rhbz#1704174 [2.7.5-84] - Disallow control chars in http URLs - Fixes CVE-2019-9740 and CVE-2019-9 ... oval:org.secpod.oval:def:89050429 This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk . - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ . - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat . oval:org.secpod.oval:def:116617 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:1601020 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command oval:org.secpod.oval:def:89050320 This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions . oval:org.secpod.oval:def:503270 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:503394 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:58423 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:1601008 Python is affected by improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authenticat ... oval:org.secpod.oval:def:54088 The host is installed with Python through versions 2.7.16 or 3.7.2 and is prone to a CRLF injection vulnerability. The flaw is present in the application, which fails to properly handle an issue in urrlib2. Successful exploitation allows attackers to initiate CRLF injection. oval:org.secpod.oval:def:116673 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:1802036 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character ... oval:org.secpod.oval:def:58857 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... oval:org.secpod.oval:def:2106070 Oracle Solaris 11 - ( CVE-2019-18348 ) oval:org.secpod.oval:def:89050712 This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter . Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optim ... oval:org.secpod.oval:def:89000180 This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball . - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service ... oval:org.secpod.oval:def:66476 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... |
