Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC0DA9EAB6E2D9B87CB9524847CA01C2D7A539BC0B9EE1A3B192B5725ECD33897
HistoryDec 20, 2019 - 2:50 p.m.

Security Bulletin: Multiple Vulnerabilities in python affects IBM Watson Studio Local

2019-12-2014:50:32
www.ibm.com
14

0.007 Low

EPSS

Percentile

80.8%

JSON

Summary

Multiple vulnerabilities in python affects IBM Watson Studio Local

Vulnerability Details

CVEID:CVE-2019-10160
**DESCRIPTION:**A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2018-1060
**DESCRIPTION:**python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2018-1061
**DESCRIPTION:**python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Studio - Local 1.2.3

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Watson Studio Local 2.1 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;
IBM Cloud Pak for Data 2.5 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm watson studio localeq1.2.3

Related

openvas 58
nessus 66
cvelist 2
cve 1
debiancve 1
f5 1
ibm 11
redhat 3
amazon 7
nvd 1
veracode 1
redhatcve 2
centos 2
suse 3
oraclelinux 3
osv 6
prion 1
ubuntucve 2
fedora 17
mageia 2
debian 4
photon 3
cloudlinux 1
ubuntu 1
openvas
openvas
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1337)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1403)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2019-1771)
2020-01-23 00:00:00
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0061)
2019-08-12 00:00:00
EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1337)
2019-05-06 00:00:00
EulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403)
2019-05-14 00:00:00
cvelist
cvelist
CVE-2019-10160
2019-06-07 17:50:33
CVE-2018-1061
2018-06-19 12:00:00
cve
cve
CVE-2019-10160
2019-06-07 18:29:00
debiancve
debiancve
CVE-2019-10160
2019-06-07 18:29:00
f5
f5
K57542514 : Python vulnerabilities CVE-2019-9636 and CVE-2019-10160
2020-09-16 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-10160)
2020-02-28 16:57:13
Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2018-1060, CVE-2018-1061)
2018-12-10 12:55:02
Security Bulletin: Vulnerabilities in Python affect PowerKVM
2018-12-17 14:20:01
redhat
redhat
(RHSA-2019:1587) Important: python security update
2019-06-20 19:51:08
(RHSA-2018:3041) Moderate: python security and bug fix update
2018-10-30 04:12:01
(RHSA-2019:1700) Important: python27-python security update
2019-07-08 10:38:49
amazon
amazon
Important: python3
2019-08-07 23:48:00
Important: python34, python35, python36
2019-08-07 23:03:00
Medium: python27
2018-12-06 00:22:00
nvd
nvd
CVE-2019-10160
2019-06-07 18:29:00
veracode
veracode
Information Disclosure
2019-06-24 00:20:59
redhatcve
redhatcve
CVE-2019-10160
2019-10-30 10:37:32
CVE-2018-1061
2018-04-04 01:48:52
centos
centos
python, tkinter security update
2019-06-24 17:07:31
python, tkinter security update
2018-11-15 18:51:33
suse
suse
Security update for python (important)
2019-08-15 00:00:00
Security update for python3 (moderate)
2018-09-14 18:08:02
Security update for python, python-base (moderate)
2018-11-10 00:20:28
oraclelinux
oraclelinux
python security update
2019-06-13 00:00:00
python security and bug fix update
2018-11-05 00:00:00
python security update
2019-06-20 00:00:00
osv
osv
CVE-2019-10160
2019-06-07 18:29:00
urlsplit does not handle NFKC normalization (second fix)
2019-06-07 17:50:33
python3.4 - security update
2018-09-25 00:00:00
prion
prion
Authentication flaw
2019-06-07 18:29:00
ubuntucve
ubuntucve
CVE-2019-10160
2019-06-07 00:00:00
CVE-2018-1061
2018-06-19 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: python34-3.4.9-2.fc28
2018-08-16 08:08:04
[SECURITY] Fedora 28 Update: python3-3.6.5-1.fc28
2018-04-06 11:10:57
[SECURITY] Fedora 27 Update: python3-docs-3.6.5-1.fc27
2018-04-09 19:10:14
mageia
mageia
Updated python packages fix security vulnerabilities
2018-05-29 22:41:14
Updated python3 packages fix security vulnerabilities
2018-06-04 18:11:47
debian
debian
[SECURITY] [DSA 4307-1] python3.5 security update
2018-09-28 19:17:56
[SECURITY] [DLA 1519-1] python2.7 security update
2018-09-25 23:47:43
[SECURITY] [DSA 4306-1] python2.7 security update
2018-09-27 21:05:32
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0086
2018-08-23 00:00:00
Important Photon OS Security Update - PHSA-2018-0086
2018-08-24 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0178
2018-08-23 00:00:00
cloudlinux
cloudlinux
Security fix for CVE-2019-10160
2021-03-17 17:15:57
ubuntu
ubuntu
Python vulnerabilities
2018-11-15 00:00:00

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for C0DA9EAB6E2D9B87CB9524847CA01C2D7A539BC0B9EE1A3B192B5725ECD33897
openvas58nessus66cvelist2cve1debiancve1f51ibm11redhat3amazon7nvd1veracode1redhatcve2centos2suse3oraclelinux3osv6prion1ubuntucve2fedora17mageia2debian4photon3cloudlinux1ubuntu1