 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.12.2025.7348.1 |
| Categoría: | Ubuntu Local Security Checks |
| Título: | Ubuntu: Security Advisory (USN-7348-1) |
| Resumen: | The remote host is missing an update for the 'python3.5, python3.8' package(s) announced via the USN-7348-1 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'python3.5, python3.8' package(s) announced via the USN-7348-1 advisory. Vulnerability Insight: It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered 'private' or 'globally reachable'. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-4032) It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. (CVE-2024-9287) It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-11168) It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938) Affected Software/OS: 'python3.5, python3.8' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-11168 Common Vulnerability Exposure (CVE) ID: CVE-2024-4032 https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8 https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906 https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3 https://github.com/python/cpython/issues/113171 https://github.com/python/cpython/pull/113179 https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/ https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml http://www.openwall.com/lists/oss-security/2024/06/17/3 Common Vulnerability Exposure (CVE) ID: CVE-2024-9287 Common Vulnerability Exposure (CVE) ID: CVE-2025-0938 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |