Red Hat Security Advisory 2023-3446-01 - An update for python-flask is now available for Red Hat OpenStack Platform 16.1 (Train).
5a5e6ac0bb2fb927993b0fe60a0be7e366b61c870a8d0f8cf6a30527b8e758f6Ubuntu Security Notice 6139-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue.
7a7140725b53dce5e551f165f1dc3c5781b1c25880cb776bf9f7bae38fccf55dAIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
9592ddac406040974faa1b34a459f123d010fd293a18114a8468d871b7825c7bStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
edc2f69b5090076c99d276a5968f9dda0e5738f6bf8e34f5233dcb702ff3ac2eRed Hat Security Advisory 2023-2893-01 - Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Issues addressed include a denial of service vulnerability.
14bd9718f3def17c30d3107c408c6c2fcbfa27994e40da79d22f2c2c7d4d72a0Red Hat Security Advisory 2023-2860-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a denial of service vulnerability.
ef04a6af2b2b268826567eb8b38023428bea63e65a01ccefd05e085aa4e26a68Red Hat Security Advisory 2023-2763-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.
7c13e4849b247024b1e54df96241fe720044da07f3377d2dd8f68fb63196268cRed Hat Security Advisory 2023-2764-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.
58ecdb375728ffca18024a930bb48a050184958a02d68bf5cb769a3fee07b237Red Hat Security Advisory 2023-3018-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a null pointer vulnerability.
1f20ffa91730a0d49b5005084630f0e92de7aad678d24a1539afb4a514061b3fSimple python script to send commands prepared in text files mutated by an example payload string, e.g. multiple A or B letters. Using Fortigate's credentials, a user should be able to use this script to automate a basic fuzzing process for commands available in CLI.
183513f0d7a7bbd777a50826ac774d0cc927491384f081ad3ae5cf87426b640fRed Hat Security Advisory 2023-2258-01 - Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Issues addressed include a denial of service vulnerability.
8a1932a0ad8967405027de8ff827b78f50db08251dc5455cd924c86221a810f2Red Hat Security Advisory 2023-2532-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a null pointer vulnerability.
e185664cfabd647801bea33e27800186d7c402417945af07757ccfe01bd870deGentoo Linux Security Advisory 202305-2 - Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.
641b7206ae708be2456ced27dc11f8f77c8d01d6eb97ee4f516c3e6799b4e0adThis python script is a slow brute forcing utility to check passwords against FortiGate appliances. Check the homepage link for more information on how this was used to slowly bypass brute force protections.
c801f99d408035256c871d04d06f9c9e360124599a0f66d51971fc4c6561faf6Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.
34681b3994f7696e63749c33f2b4943d1f3991726eb9aa72976cb927c1014ab6The documentation for the python CGI module suffers from a cross site scripting vulnerability.
12070a3cded8397a9c1036c6ffa17c97d5ef5a584b91e3216867995ff23654e8Ubuntu Security Notice 5960-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters.
727432be8aaebcbbf1e8da1308a8110c3c6dc6fb3ff312a8e8e10aae1adc194bRed Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.
987d8f013217b57d1857239f6881cfb726cc3c00c621957b53627dccfc7f4cd9Ubuntu Security Notice 5931-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
33bbf9788230cbeb99c657b8e28943adea06a0071c8079fb8b2553765bcb5937Ubuntu Security Notice 5930-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
3eea1d8c54397f96a37251d32922f85c73164c2faad23c5a4a9d2e29e9aef977Ubuntu Security Notice 5767-3 - USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
3dc497cd1ab19fc28ac4bd2bee894b67b6bef61851ee8c1945e255f133cd4e65This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1Red Hat Security Advisory 2023-1018-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Issues addressed include a remote shell upload vulnerability.
6cabeb616cc86e2cbaf9eeff580fc77e5c814243da7ceecee78741afbe444047Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
3ed05d8a034b8ccbd8a190a2e4579c85ef5adbb3a2f5970087da2e589448bbc5Red Hat Security Advisory 2023-0953-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.
b5ad1e43933d7e24b476c3cf80940d752fa7092183eaed9377f53229089d1d6d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed