Gentoo Linux Security Advisory 202405-1 - Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. Versions greater than or equal to 3.10.14:3.10 are affected.
6e25bc5c65df63d8a01e63b802487986b9e6cedfc10b8dea10de68a2cc7d298e
Red Hat Security Advisory 2024-2559-03 - An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
d57c593f87b1c3af1db8e653f8db1f35bb9247bc2729d39ae842d3a029078435
Red Hat Security Advisory 2024-2348-03 - An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.
40e16c4c3a8c45c9ce63730f567c7f948ffc9024e153e448c4edc106051f6c31
Red Hat Security Advisory 2024-1931-03 - An update for python-yaql and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1. Issues addressed include an information leakage vulnerability.
f09199553f7b3630835681601d8950a0470eea214046a12073f0c1f4f198fbd0
Red Hat Security Advisory 2024-1930-03 - An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1. Issues addressed include an information leakage vulnerability.
e21c5ae4425f4d68b68766a57b02994785567147df18a1eb61161a4c8c724752
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.
841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377
This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.
4139fe8722da9090b649b6c2e329d28e730741d7fd1766e8611ccc508a83a955
Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.
cca5a4488ff9b7699fd1a94c08ef52f1f53425aa624700fb9ed880aa369c470e
Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.
c4fe18ae97be2193d34a7e1f1b12596463b48313b3820550e75dc093759247ba
Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a
Red Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
760ee5b7d8e2659215b52748f1d60365ac4849df90830cfd3f71064349e878df
Red Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
02992f7c48d13d7834456c07f3822b6de0850dc4c50dc9baeb00d0d3540d8730
Red Hat Security Advisory 2024-1058-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.
92af62c9e4ab8b602262f8dc118f075d3342c33ab951114c5cfa8a7d29694672
Ubuntu Security Notice 6668-1 - It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations.
8b976b5faa5d4b10b0fc031169e7fc9d450e6f7d3e44c15b0b2209066d59a417
Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
c38f79aa1fb6858b5c05f7a4fe033ec4d8c9043ac0b28db82931dc9620b2aa19
Red Hat Security Advisory 2024-0857-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7. Issues addressed include a code execution vulnerability.
477156adac9fcdf1d868e035fabb6e0d47125c4a8ed81b73a516eeb0465cc5fe
Red Hat Security Advisory 2024-0754-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
73e8f56ca7554fb868a666139c8a00887803431311bd6fbf18291327741a2aef
Red Hat Security Advisory 2024-0588-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
6436a3c69d590a691ed1868695481dfc85517b642342b841f4c555390078c3cf
Red Hat Security Advisory 2024-0587-03 - An update for python-pip is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a traversal vulnerability.
54f65fc64232ca26db36e6428dcbc73ae9e63ad1f8e5b0e49228842970aaa122
Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.
4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562
Red Hat Security Advisory 2024-0464-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.
5e2d7a5624f97d20a6d70a2a3e5fdb17bfba7509f3c18063065f005ae58cf9e0
Red Hat Security Advisory 2024-0374-03 - An update for python-pip is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a traversal vulnerability.
aca7268546fe5f209e0fa0512ae242587576a7d22a54acf950b7abcdf24acef6
Red Hat Security Advisory 2024-0345-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7.
577f221d2e76f426fe238a8135c7fae4c7d1338480e41329e362e8922a5d1576
Red Hat Security Advisory 2024-0300-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
4412f703d959c59aa8a60d7a59b5e7a78dd01b8efcff48d6555296c3f35bf621