The documentation for the Python CGI module suffers from a cross-site scripting vulnerability.
12070a3cded8397a9c1036c6ffa17c97d5ef5a584b91e3216867995ff23654e8
Ubuntu Security Notice 5960-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters.
727432be8aaebcbbf1e8da1308a8110c3c6dc6fb3ff312a8e8e10aae1adc194b
Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.
987d8f013217b57d1857239f6881cfb726cc3c00c621957b53627dccfc7f4cd9
Ubuntu Security Notice 5931-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
33bbf9788230cbeb99c657b8e28943adea06a0071c8079fb8b2553765bcb5937
Ubuntu Security Notice 5930-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
3eea1d8c54397f96a37251d32922f85c73164c2faad23c5a4a9d2e29e9aef977
Ubuntu Security Notice 5767-3 - USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
3dc497cd1ab19fc28ac4bd2bee894b67b6bef61851ee8c1945e255f133cd4e65
This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
Red Hat Security Advisory 2023-1018-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Issues addressed include a remote shell upload vulnerability.
6cabeb616cc86e2cbaf9eeff580fc77e5c814243da7ceecee78741afbe444047
Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
3ed05d8a034b8ccbd8a190a2e4579c85ef5adbb3a2f5970087da2e589448bbc5
Red Hat Security Advisory 2023-0953-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.
b5ad1e43933d7e24b476c3cf80940d752fa7092183eaed9377f53229089d1d6d
Red Hat Security Advisory 2023-0952-01 - The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Issues addressed include a denial of service vulnerability.
fb2936f61c7a56b483e25b1ab813e286f55c4a47de538bae7445c193330a72ad
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and cannot be used by external hosts. A secondary Click N Load service runs on port 9666 and can be used remotely without authentication.
d86b89ccd29b81ac570725e1b71f96f42350980adb191ce14634207100bc2450
Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.
d16dc5abdc87b7c6d25b0c046da8d55627f3f9d1e6610e67e99f688d38471729
Red Hat Security Advisory 2023-0835-01 - The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Issues addressed include a denial of service vulnerability.
0db01913a566b40df32e9b18db293ace5abaa2967dab38c26950a2e1d3079462
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network and security professionals identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers, and so on.
65c5483016570ea2fd986c9fd302001786b8924e7bfe294e0bbbd46f415bf974
Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.
c0040528446da97e96fe4067b3c78e371267bbe3dfac766ad6862a81992f7d59
This Python script is a fuzzer for the NDC protocol. The NDC protocol enables international and local payment transactions in cash as well as with bank cards. NDC permits terminals (ATMs) to send unsolicited requests to the server (the NDC server). This script sends fuzzed requests to the server in order to discover memory-related security flaws.
5f5273c43dc8bb3a4edff6ba5eb375ca9168c43124cbd5198b85dbabec1bc16d
Ubuntu Security Notice 5833-1 - Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service.
d15cff8644784b9d4f12f574dd93984e0f0dfda35c43880b6bf30496f902b79a
Red Hat Security Advisory 2023-0276-01 - Python ServerView Common Command Interface Client Library.
67306987ff6b2a6ecd3ffe2346719849b8e54cbb98876b8938b4cbfeb906ae8a
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
97c3f6c9258eeaa609e3ccab62531670b425713dd17c0415f512201c2b8cc82e
Ubuntu Security Notice 5767-2 - USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.
63c7337bd47f13871b70d5ee38366430f1b2adff27aa41fb426d28bd98c80b47
Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.
7c1e978b221fce1e3215a3c441af36781bffe05e45a13e452423ec7ff4141283
Red Hat Security Advisory 2022-8849-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.2.4 (Train).
b5f2399b157132ac68978227b44fcc1e661060d2608fe5b0472f9901a19901f3
Red Hat Security Advisory 2022-8852-01 - A fast multidimensional array facility for Python. Issues addressed include a null pointer vulnerability.
e7c358fe90f07722512e48d1b79078c54950be8243c60d15e1998e34cfef993b
Red Hat Security Advisory 2022-8873-01 - An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
cc0254af4ecc595e7fa8b392f35777ae1c6474a1add6cc4bfec7cb137ec72c77