354 matches found
PT-2024-23565 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: A buffer overflow issue has been found in the C++ components, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of...
PT-2024-23564 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An OS command injection issue has been discovered, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the comma...
PT-2024-23568 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An insecure deserialization issue allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components,...
PT-2024-23549 · Unknown · Ros Melodic Morenia
Name of the Vulnerable Software and Affected Versions: ROS Melodic Morenia versions where ROS VERSION is 1 and ROS PYTHON VERSION is 3 Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized information access to multiple ROS nodes...
PT-2024-22898 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill versions where ROS VERSION is 2 and ROS PYTHON VERSION is 3 Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized access to multiple ROS2 nodes remotely...
PT-2024-14064 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Foxy Fitzroy Description: An issue was discovered in shell command execution in ROS2, allowing an attacker to run arbitrary commands and cause other impacts. The issue is related to the ROS VERSION=2 and ROS PYTH...
PT-2024-14069 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 versions Foxy Fitzroy Description: The issue is an OS command injection vulnerability in command processing or system call components. This allows attackers to run arbitrary commands. The ROS VERSION is 2 and ROS...
Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python requests-2.28.2-py3-none-any.whl [CVE-2023-32681]
Summary The Python requests package, which allows users to send HTTP requests using Python, is used by IBM Cinder plug-in. The requests package is impacted by vulnerability CVE-2023-32681. Vulnerability Details CVEID: CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain...
Mars: Information Exposure due to enabled debug mode
The server was found to be exposing system information to unauthenticated users due to the enabled debug mode. The disclosed information included details about the technologies and versions being used in the production system, such as the Python version, Django version, and the database driver in...
Exploit for Path Traversal in Fit2Cloud Jumpserver
CVE-2023-42819 CVE-2023-42819 Description of the Vulne...
Important: python38
Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...
Important: python3.11
Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...
SUSE CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
UBUNTU-CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
Python code issue vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the presence of an XML external entity issue...
Low: python3.11
Issue Overview: No CVE associated with this advisory Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-252 --releasever 2023.1.20230719 to update your system. More information on how to update your system...
Exploit for Deserialization of Untrusted Data in Spip
CVE-2023-27372-POC Overview This Python POC Proof of Con...
AZL-35144 CVE-2023-27043 affecting package python3 3.12.9-9
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...