Red Hat Security Advisory 2024-9991-03 - An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-9990-03 - An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-9989-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-9988-03 - An update for python-requests is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-9986-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9985-03 - An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-9984-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9983-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-9977-03 - An update for python-zipp is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9976-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a remote shell upload vulnerability.
Red Hat Security Advisory 2024-9975-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a remote shell upload vulnerability.
Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally, a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).
Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.
Ubuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code inside a Python interpreter. The vulnerability allows an attacker to obtain a reference to a Python object in the js2py environment, enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released, and version 0.74 is the latest version of js2py, released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. Pyload is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost, but by manipulating the HOST header we can bypass this restriction in order to access the API and achieve unauthenticated remote code execution.
Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2024-9423-03 - An update for python-dns is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9281-03 - An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-9150-03 - An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
Red Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.
This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.
Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.