
Python Files

Red Hat Security Advisory 2024-9991-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9991-03 - An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-8007
SHA-256 | 3f6c690d8c25f35613c7f78a51ae8213077a15e886ae050c123c72744a9ae0f1
Red Hat Security Advisory 2024-9990-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9990-03 - An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-8007
SHA-256 | 5ccdd80532b582cda904e1dd936ab1669a22efe674e87e66517e54a877427d8e
Red Hat Security Advisory 2024-9989-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9989-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-42353
SHA-256 | 68d18f7775b581a7e33ecee213413a566e7297da98272ecbf08d0c1061f104e1
Red Hat Security Advisory 2024-9988-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9988-03 - An update for python-requests is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-35195
SHA-256 | 215d2852fe05a376a5ff73984accfb0c69f4ae97417bc8689f26d85b547cdc94
Red Hat Security Advisory 2024-9986-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9986-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2024-4340
SHA-256 | d8725b1db261dd1744c9ba7a08528d5537fb50936a33b17df66a5f84df1aa523
Red Hat Security Advisory 2024-9985-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9985-03 - An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-37891
SHA-256 | 75e724c8a405ab4075b6518d64086295143915e574aa9aa8039356cda456cf9f
Red Hat Security Advisory 2024-9984-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9984-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2024-4340
SHA-256 | 2bbd2cdb58357e7780cc54168a239888b40d4ce2a96e4001df29e95c14150ec2
Red Hat Security Advisory 2024-9983-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9983-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-42353
SHA-256 | c1324dd2c19b3597e06f8b04a771a7c233819f2a47760eb425964150ada49ed3
Red Hat Security Advisory 2024-9977-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9977-03 - An update for python-zipp is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2024-5569
SHA-256 | 4f4224ba65a42530698e13df1f8b0a9cc0c42931f45f08206c7b9839595c5c26
Red Hat Security Advisory 2024-9976-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9976-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a remote shell upload vulnerability.

tags | advisory, remote, shell, python
systems | linux, redhat
advisories | CVE-2024-34069
SHA-256 | 755e3f7fd3a32e239d9a8e79f9b2bd32c56c1499b3152634192c8405d374b1a0
Red Hat Security Advisory 2024-9975-03
Posted Nov 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9975-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a remote shell upload vulnerability.

tags | advisory, remote, shell, python
systems | linux, redhat
advisories | CVE-2024-34069
SHA-256 | 606dbbccfc1abbfc6325944757b4c621aff1bfa2dff0fcf6e7bc64c779e522a0
Ubuntu Security Notice USN-7015-6
Posted Nov 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088
SHA-256 | 667ae966414c566b7ba032fe92060c7e3cfb42504b259cece2ff73a5eb36f7f3
Debian Security Advisory 5815-1
Posted Nov 20, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).

tags | advisory, arbitrary, local, root, perl, vulnerability, python, ruby
systems | linux, debian
advisories | CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 5e41b21d2bd83511831c10a278bb8fee7846b092ba4f682ead33f207de7216f3
Ubuntu Security Notice USN-7116-1
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2024-9287
SHA-256 | 446a88199d9186d03c7cdc7b5e4b83cd8d96c3cfc050d5bbded309e03b02cb0c
Ubuntu Security Notice USN-7015-5
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088
SHA-256 | 08f60811c86141139bb27d0271c6dc8fb3d71d45f06454f487eabe3442ba3aa1
Pyload Remote Code Execution
Posted Nov 18, 2024
Authored by Spencer McIntyre, jheysel-r7 | Site metasploit.com

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code inside a Python interpreter. The vulnerability allows an attacker to obtain a reference to a Python object in the js2py environment, enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released and version 0.74 is the latest version of js2py, which was released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. Pyload is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.

tags | exploit, remote, arbitrary, javascript, code execution, python
advisories | CVE-2024-28397, CVE-2024-39205
SHA-256 | 80427d657de061fee48a9f5adbb6c131d9fca4ddd53f67cf67ca1b3ed439fddd
Red Hat Security Advisory 2024-9481-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3. Issues addressed include a traversal vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-38875
SHA-256 | f583dc3b5b04096c3dfa54511953fc8caef0c120a9b02784e810537c1665b787
Red Hat Security Advisory 2024-9423-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9423-03 - An update for python-dns is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2023-29483
SHA-256 | 88b912df93e811fc8789da7b9d7fc2fd5cb8a8c75d997a42e799c56790b35a9a
Red Hat Security Advisory 2024-9281-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9281-03 - An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-6681
SHA-256 | 145eb92c607376d9a246ee7af4daeb74181098a76d5115408bedefa9b005ea10
Red Hat Security Advisory 2024-9150-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9150-03 - An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2024-34064
SHA-256 | b03766be4bd2f1d0366c19910c880f00ab747735b453e385455acdbd0a7bea8d
Scapy Packet Manipulation Tool 2.6.1
Posted Nov 5, 2024
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: This update contains fixes for various small bugs introduced in version 2.6.0 including a couple of crashes.
tags | tool, scanner, python
systems | unix
SHA-256 | a580a4cf6bbbaf72e64e082d3ee8e5afd4e06becb21eecd24c22d1ef2da58ef3
Red Hat Security Advisory 2024-8834-03
Posted Nov 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-41419
SHA-256 | 32fb82d223071c6fb34182c849921906f895459421f8b5372871f3895a64a972
Grafana Remote Code Execution
Posted Oct 24, 2024
Authored by z3k0sec | Site github.com

This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.

tags | exploit, remote, arbitrary, shell, code execution, python
advisories | CVE-2024-9264
SHA-256 | 6c3c16d85296d769a797c9f8ac23b3a50fdbb1f53c416a6022ded19352c4bb10
Red Hat Security Advisory 2024-8365-03
Posted Oct 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2024-3651
SHA-256 | 771a0cffec63d58697ebfac0c9da561de583650615466fedd5c486224d2b4705
Debian Security Advisory 5795-1
Posted Oct 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.

tags | advisory, sql injection, python
systems | linux, debian
advisories | CVE-2024-9774
SHA-256 | e6ae4b806618868271a568847282414626155e507e7451c60c2e232cc3aac875
© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close