Red Hat Security Advisory 2024-6907-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
70e01044b471297410d066c61014264d7aa8e71f06687db355eeebad21c7720bUbuntu Security Notice 7015-2 - USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. This issue only affected python3.5 for Ubuntu 16.04 LTS
550d08e8b345790a9bdb83fddf576842c6d60bb9e802b14bfb08aae08445627eRed Hat Security Advisory 2024-6775-03 - An update for python-webob is now available for Red Hat OpenStack Platform 18.0.
87a073bed7638a05e5dc3c8060c437383c6d67ffba290c352fb329a325adf572This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7dUbuntu Security Notice 7015-1 - It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service.
0224b04ebdd855ff165cab147873523db9bc82d1b5c8fdecef438adbabb325b4Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
5f83bf1f4e1cfd470fd81ba14113e56227cea4b74f7493cf3f3b08a762af42eeStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
81c5da92bf3f55c9e71cb8923bf2e39a85511e493d5d41a0e6352368125a8969Red Hat Security Advisory 2024-6358-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
2cb95cae70a744555922e13f2167f7812d638bff19f4fac33a90a8ceb8cc9e3aRed Hat Security Advisory 2024-6240-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
f8ca12fedc9f586716f20cf429a796cdd840be64f85e2b9c6fd565f7f380813fRed Hat Security Advisory 2024-6162-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.
f6321cce0f4160f75f610bd76debfb6a5d8d980acaef8ee9cd4a1af4c88c7f11Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.
bdcbd1c6000eda313c41cb0d5a73e82213383a8c9e63d571162a7f57daf4f021This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Rubys WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if youre playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.
98d9e586a534095e5d0b6f478a9570f6bcf61c7030ee08f41c68fcaf77e0442bMicrosoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.
04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185aThis python script is a proof of concept exploit that demonstrates a IPv6 related memory corruption in Microsoft Windows.
e6be8f94e65ac49e1c64112d19884e8a3c0da0f9997c4e2f50859639ac393ab4Debian Linux Security Advisory 5759-1 - Multiple security issues were discovered in Python, a high-level, interactive, object-oriented language.
7e9c4ce782f915b30381e83986f37934f5a637dda3a1e6974f0c1c24602fb613Debian Linux Security Advisory 5750-1 - Support for the "strict kex" SSH extension has been backported to AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening against the Terrapin attack.
0be1047e4d16efb9e6e3b1cb4e8a3bc474db795c8586bfdc7190a98d2149a514Red Hat Security Advisory 2024-5534-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
1a2da727428b487d6f13f9474d3cb49e9d65d3986eb259ee5e14277f2f9ed97eRed Hat Security Advisory 2024-5530-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
783bb0e94cef753c7d67f3388fbaef209896da128227ce789784682ff5ca474aRed Hat Security Advisory 2024-5526-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
48d2348a69b402487025db81087e780b17e01e1ef07a2704564b0ce099421d8eRed Hat Security Advisory 2024-5389-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
344633596e85e4dae777b2d0a1216d26017609173266ebd5373f1ad29ed1a2f2Red Hat Security Advisory 2024-5309-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.
26d91382ce3b7ddca583d585d84a25f0d47d55ad1c1f086b5a2e2ce936851e8aGentoo Linux Security Advisory 202408-31 - A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service. Versions greater than or equal to 3.20.3 are affected.
eadc67e3419f076cd2de528fbc9c00208699c0bc0f0ddec23dcad5d674871d0eRed Hat Security Advisory 2024-5137-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
51d4cff8f2083764be4d7856bfc4599eae4bcb272be29f3eaf69424e3713aef7This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.
2678fd269bdb79e8ada27f1f7870d0382cc42ef2fd75bd19a29cff06a2dd56c3Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.
3bd6b3cad1bc2ee8d0610e9fb86fce5f44fde3b2f6c6e92fc16ee37f0e43bb27
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed