Red Hat Security Advisory 2024-6907-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
70e01044b471297410d066c61014264d7aa8e71f06687db355eeebad21c7720b
Ubuntu Security Notice 7015-2 - USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. This issue only affected python3.5 for Ubuntu 16.04 LTS
550d08e8b345790a9bdb83fddf576842c6d60bb9e802b14bfb08aae08445627e
Red Hat Security Advisory 2024-6775-03 - An update for python-webob is now available for Red Hat OpenStack Platform 18.0.
87a073bed7638a05e5dc3c8060c437383c6d67ffba290c352fb329a325adf572
This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7d
Ubuntu Security Notice 7015-1 - It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service.
0224b04ebdd855ff165cab147873523db9bc82d1b5c8fdecef438adbabb325b4
Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
5f83bf1f4e1cfd470fd81ba14113e56227cea4b74f7493cf3f3b08a762af42ee
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
81c5da92bf3f55c9e71cb8923bf2e39a85511e493d5d41a0e6352368125a8969
Red Hat Security Advisory 2024-6358-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
2cb95cae70a744555922e13f2167f7812d638bff19f4fac33a90a8ceb8cc9e3a
Red Hat Security Advisory 2024-6240-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
f8ca12fedc9f586716f20cf429a796cdd840be64f85e2b9c6fd565f7f380813f
Red Hat Security Advisory 2024-6162-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.
f6321cce0f4160f75f610bd76debfb6a5d8d980acaef8ee9cd4a1af4c88c7f11
Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.
bdcbd1c6000eda313c41cb0d5a73e82213383a8c9e63d571162a7f57daf4f021
This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Rubys WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if youre playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.
98d9e586a534095e5d0b6f478a9570f6bcf61c7030ee08f41c68fcaf77e0442b
Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.
04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
This python script is a proof of concept exploit that demonstrates a IPv6 related memory corruption in Microsoft Windows.
e6be8f94e65ac49e1c64112d19884e8a3c0da0f9997c4e2f50859639ac393ab4
Debian Linux Security Advisory 5759-1 - Multiple security issues were discovered in Python, a high-level, interactive, object-oriented language.
7e9c4ce782f915b30381e83986f37934f5a637dda3a1e6974f0c1c24602fb613
Debian Linux Security Advisory 5750-1 - Support for the "strict kex" SSH extension has been backported to AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening against the Terrapin attack.
0be1047e4d16efb9e6e3b1cb4e8a3bc474db795c8586bfdc7190a98d2149a514
Red Hat Security Advisory 2024-5534-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
1a2da727428b487d6f13f9474d3cb49e9d65d3986eb259ee5e14277f2f9ed97e
Red Hat Security Advisory 2024-5530-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
783bb0e94cef753c7d67f3388fbaef209896da128227ce789784682ff5ca474a
Red Hat Security Advisory 2024-5526-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
48d2348a69b402487025db81087e780b17e01e1ef07a2704564b0ce099421d8e
Red Hat Security Advisory 2024-5389-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
344633596e85e4dae777b2d0a1216d26017609173266ebd5373f1ad29ed1a2f2
Red Hat Security Advisory 2024-5309-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.
26d91382ce3b7ddca583d585d84a25f0d47d55ad1c1f086b5a2e2ce936851e8a
Gentoo Linux Security Advisory 202408-31 - A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service. Versions greater than or equal to 3.20.3 are affected.
eadc67e3419f076cd2de528fbc9c00208699c0bc0f0ddec23dcad5d674871d0e
Red Hat Security Advisory 2024-5137-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
51d4cff8f2083764be4d7856bfc4599eae4bcb272be29f3eaf69424e3713aef7
This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.
2678fd269bdb79e8ada27f1f7870d0382cc42ef2fd75bd19a29cff06a2dd56c3
Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.
3bd6b3cad1bc2ee8d0610e9fb86fce5f44fde3b2f6c6e92fc16ee37f0e43bb27