Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3 . Issues addressed include a traversal vulnerability.
f583dc3b5b04096c3dfa54511953fc8caef0c120a9b02784e810537c1665b787Red Hat Security Advisory 2024-9423-03 - An update for python-dns is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
88b912df93e811fc8789da7b9d7fc2fd5cb8a8c75d997a42e799c56790b35a9aRed Hat Security Advisory 2024-9281-03 - An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9.
145eb92c607376d9a246ee7af4daeb74181098a76d5115408bedefa9b005ea10Red Hat Security Advisory 2024-9150-03 - An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.
b03766be4bd2f1d0366c19910c880f00ab747735b453e385455acdbd0a7bea8dScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
a580a4cf6bbbaf72e64e082d3ee8e5afd4e06becb21eecd24c22d1ef2da58ef3Red Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.
32fb82d223071c6fb34182c849921906f895459421f8b5372871f3895a64a972This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.
6c3c16d85296d769a797c9f8ac23b3a50fdbb1f53c416a6022ded19352c4bb10Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.
771a0cffec63d58697ebfac0c9da561de583650615466fedd5c486224d2b4705Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.
e6ae4b806618868271a568847282414626155e507e7451c60c2e232cc3aac875Red Hat Security Advisory 2024-8105-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.
005bafae0b4605c7b781cc94ecbb9e70852a6d3ca1a0d46f764e2c1364636593Red Hat Security Advisory 2024-8102-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a privilege escalation vulnerability.
cb4b666c8c60966fc14602bdbaf14c8214b986d741aa75ab6860f9a7eabe7ad3Ubuntu Security Notice 7015-4 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
731455171671cb91b707afc30303c4767bd6902da1426dc4ddc34aaad8ed5c81Debian Linux Security Advisory 5791-1 - Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document.
40f471c19c769dc43b6a721bbf7f55e00b564db69dcafda48f9c8375d8e96ac7Red Hat Security Advisory 2024-7785-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability.
64b7cd41d16277408cdda409f86a0cadd47748771798eca234ba6dce462b655aGenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below. This vulnerability allows a user with editor permissions to execute OS commands on a remote server.
320840a574bd1e39d76e644a70206a220bf7e080390462bcc9fbdf69d6cd628aUbuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
0390e83a0739fcfacc6a5629ced929a50e15b96cabb5e32ff94afb187b1335a3Red Hat Security Advisory 2024-7421-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.
16de725a918adfde0dabbfb6254ab0711f3af24ffe7d5835f1b443c36ad5f838Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
cfd1babc5c0008bc021eede72149922c24dfc4a511ced7cc3a8665193b6be5c5Red Hat Security Advisory 2024-6907-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
70e01044b471297410d066c61014264d7aa8e71f06687db355eeebad21c7720bUbuntu Security Notice 7015-2 - USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. This issue only affected python3.5 for Ubuntu 16.04 LTS
550d08e8b345790a9bdb83fddf576842c6d60bb9e802b14bfb08aae08445627eRed Hat Security Advisory 2024-6775-03 - An update for python-webob is now available for Red Hat OpenStack Platform 18.0.
87a073bed7638a05e5dc3c8060c437383c6d67ffba290c352fb329a325adf572This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7dUbuntu Security Notice 7015-1 - It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service.
0224b04ebdd855ff165cab147873523db9bc82d1b5c8fdecef438adbabb325b4Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
5f83bf1f4e1cfd470fd81ba14113e56227cea4b74f7493cf3f3b08a762af42eeStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
81c5da92bf3f55c9e71cb8923bf2e39a85511e493d5d41a0e6352368125a8969
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed