English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.2.2019.1778
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2019-1778)
Summary:The remote host is missing an update for the Huawei EulerOS 'python3' package(s) announced via the EulerOS-SA-2019-1778 advisory.
Description:Summary:
The remote host is missing an update for the Huawei EulerOS 'python3' package(s) announced via the EulerOS-SA-2019-1778 advisory.

Vulnerability Insight:
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160)

Affected Software/OS:
'python3' package(s) on Huawei EulerOS V2.0SP8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-10160
FEDORA-2019-2b1f72899a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
FEDORA-2019-50772cf122
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/
FEDORA-2019-57462fa10d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
FEDORA-2019-5dc275c9f2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
FEDORA-2019-60a1defcd1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
FEDORA-2019-7723d4774a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
FEDORA-2019-7df59302e0
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
FEDORA-2019-9bfb4a3e4b
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
FEDORA-2019-b06ec6159b
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
FEDORA-2019-d202cda4f8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
RHSA-2019:1587
https://access.redhat.com/errata/RHSA-2019:1587
RHSA-2019:1700
https://access.redhat.com/errata/RHSA-2019:1700
RHSA-2019:2437
https://access.redhat.com/errata/RHSA-2019:2437
USN-4127-1
https://usn.ubuntu.com/4127-1/
USN-4127-2
https://usn.ubuntu.com/4127-2/
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160
https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09
https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e
https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html
https://security.netapp.com/advisory/ntap-20190617-0003/
openSUSE-SU-2019:1906
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
openSUSE-SU-2020:0086
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CopyrightCopyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.