Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.
e6ae4b806618868271a568847282414626155e507e7451c60c2e232cc3aac875
Red Hat Security Advisory 2024-8105-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.
005bafae0b4605c7b781cc94ecbb9e70852a6d3ca1a0d46f764e2c1364636593
Red Hat Security Advisory 2024-8102-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a privilege escalation vulnerability.
cb4b666c8c60966fc14602bdbaf14c8214b986d741aa75ab6860f9a7eabe7ad3
Ubuntu Security Notice 7015-4 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
731455171671cb91b707afc30303c4767bd6902da1426dc4ddc34aaad8ed5c81
Debian Linux Security Advisory 5791-1 - Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document.
40f471c19c769dc43b6a721bbf7f55e00b564db69dcafda48f9c8375d8e96ac7
Red Hat Security Advisory 2024-7785-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability.
64b7cd41d16277408cdda409f86a0cadd47748771798eca234ba6dce462b655a
GenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below. This vulnerability allows a user with editor permissions to execute OS commands on a remote server.
320840a574bd1e39d76e644a70206a220bf7e080390462bcc9fbdf69d6cd628a
Ubuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
0390e83a0739fcfacc6a5629ced929a50e15b96cabb5e32ff94afb187b1335a3
Red Hat Security Advisory 2024-7421-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.
16de725a918adfde0dabbfb6254ab0711f3af24ffe7d5835f1b443c36ad5f838
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
cfd1babc5c0008bc021eede72149922c24dfc4a511ced7cc3a8665193b6be5c5
Red Hat Security Advisory 2024-6907-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
70e01044b471297410d066c61014264d7aa8e71f06687db355eeebad21c7720b
Ubuntu Security Notice 7015-2 - USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. This issue only affected python3.5 for Ubuntu 16.04 LTS
550d08e8b345790a9bdb83fddf576842c6d60bb9e802b14bfb08aae08445627e
Red Hat Security Advisory 2024-6775-03 - An update for python-webob is now available for Red Hat OpenStack Platform 18.0.
87a073bed7638a05e5dc3c8060c437383c6d67ffba290c352fb329a325adf572
This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7d
Ubuntu Security Notice 7015-1 - It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service.
0224b04ebdd855ff165cab147873523db9bc82d1b5c8fdecef438adbabb325b4
Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
5f83bf1f4e1cfd470fd81ba14113e56227cea4b74f7493cf3f3b08a762af42ee
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
81c5da92bf3f55c9e71cb8923bf2e39a85511e493d5d41a0e6352368125a8969
Red Hat Security Advisory 2024-6358-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
2cb95cae70a744555922e13f2167f7812d638bff19f4fac33a90a8ceb8cc9e3a
Red Hat Security Advisory 2024-6240-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
f8ca12fedc9f586716f20cf429a796cdd840be64f85e2b9c6fd565f7f380813f
Red Hat Security Advisory 2024-6162-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.
f6321cce0f4160f75f610bd76debfb6a5d8d980acaef8ee9cd4a1af4c88c7f11
Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.
bdcbd1c6000eda313c41cb0d5a73e82213383a8c9e63d571162a7f57daf4f021
This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Rubys WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if youre playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.
98d9e586a534095e5d0b6f478a9570f6bcf61c7030ee08f41c68fcaf77e0442b
Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.
04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
This python script is a proof of concept exploit that demonstrates a IPv6 related memory corruption in Microsoft Windows.
e6be8f94e65ac49e1c64112d19884e8a3c0da0f9997c4e2f50859639ac393ab4
Debian Linux Security Advisory 5759-1 - Multiple security issues were discovered in Python, a high-level, interactive, object-oriented language.
7e9c4ce782f915b30381e83986f37934f5a637dda3a1e6974f0c1c24602fb613