354 matches found

IBM Security Bulletins
added 2022/06/01 10:29 a.m., 53 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391)

Summary: IBM Security SOAR uses an older version of Python 3.6 that may be identified and exploited. An update has been released which addresses these issues. The version of Python included in the latest version of IBM® Security SOAR is 3.8. Vulnerability Details: CVEID: CVE-2022-0391 DESCRIPTION:...

CVSS 7.5 | AI score 6.7 | EPSS 0.01214
Exploits: 1 | Affected Software: 1

OpenVAS
added 2022/02/14 12:0 a.m., 13 views

Python urllib.parse Vulnerability (bpo-43882) - Windows

Python is prone to a vulnerability in urllib.parse. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.01214
Exploits: 1 | References: 2

PyPA
added 2021/11/22 9:15 p.m., 6 views

PYSEC-2021-860

Croatia Control Asterix 2.8.1 pythonv0.7.2 has a heap-based buffer over-read, with additional details to be disclosed at a later date...

CVSS 9.1 | AI score 7.1 | EPSS 0.00363
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/10/18 12:0 a.m., 3 views

David Kitchen bluemonday Security Vulnerability

bluemonday is an open source HTML sanitizer by David Kitchen, implemented in Go. A security vulnerability exists in the bluemonday sanitizer, before 1.0.16 in Go and before 0.0.8 in Python (pybluemonday), which does not correctly enforce the...

CVSS 9.8 | AI score 8.3 | EPSS 0.00321
Exploits: 1 | References: 2

OpenVAS
added 2021/09/12 12:0 a.m., 25 views

Python <= 3.7.2 DoS Vulnerability (bpo-36260) - Mac OS X

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 7.5 | AI score 7.4 | EPSS 0.01416
Exploits: 0 | References: 2

OSV
added 2021/06/09 5:14 p.m., 1 view

GHSA-QM57-VHQ3-3FWF Header injection possible in Django

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

CVSS 6.1 | AI score 6.8 | EPSS 0.01859
Exploits: 0 | References: 12

OSV
added 2021/03/18 8:30 p.m., 2 views

GHSA-FR28-569J-53C4 Django Incorrect Default Permissions

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...

CVSS 7.5 | AI score 7.1 | EPSS 0.02755
Exploits: 0 | References: 19

OSV
added 2021/02/25 6:54 p.m., 0 views

USN-4754-2 python2.7 regression

USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain...

AI score 6
Exploits: 0 | References: 2

Positive Technologies
added 2020/10/21 12:0 a.m., 4 views

PT-2020-6971 · Python +7

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.9.2. Description: The issue is related to the read_ints function in the plistlib.py component of the Python interpreter, which is vulnerable to uncontrolled resource consumption. This can be exploited by a remote...

CVSS 9.8 | AI score 6.2 | EPSS 0.23714
Exploits: 32 | References: 245

Positive Technologies
added 2020/07/15 12:0 a.m., 4 views

PT-2020-6992 · Python +1

Name of the Vulnerable Software and Affected Versions: Python version 3.8.4. Description: The issue is related to the python38._pth file, where sys.path restrictions are ignored, allowing code to be loaded from arbitrary locations. This could potentially enable a remote attacker to execute arbitra...

CVSS 9.8 | AI score 7.2 | EPSS 0.91789
Exploits: 33 | References: 55

OSV
added 2020/06/03 7:33 a.m., 6 views

SUSE-SU-2020:1524-1 Security update for python

This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2019-18348: Fixed a CRLF injection via the host part of the...

CVSS 7.5 | AI score 7.1 | EPSS 0.02954
Exploits: 1 | References: 25

Metasploit
added 2020/03/04 4:2 a.m., 41 views

Install Python for Windows

This module places an embeddable Python3 distribution onto the target file system, granting pentesters access to a lightweight Python interpreter. This module does not require administrative privileges or user interaction with installation prompts. This module requires Metasploit:...

AI score 0.2
Exploits: 0

0day.today
added 2019/12/14 12:0 a.m., 243 views

FTP Commander Pro 8.03 - Local Stack Overflow Exploit

Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...

AI score 7.4
Exploits: 0

exploitpack
added 2019/12/13 12:0 a.m., 29 views

FTP Commander Pro 8.03 - Local Stack Overflow

FTP Commander Pro 8.03 - Local Stack Overflow Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor:...

AI score 0.4
Exploits: 0

AlpineLinux
added 2019/03/23 5:7 p.m., 35 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

CVSS 9.1 | AI score 9.8 | EPSS 0.00918
Exploits: 1

OSV
added 2019/03/08 9:29 p.m., 3 views

ALPINE-CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...

CVSS 9.8 | AI score 8.7 | EPSS 0.08764
Exploits: 0 | References: 1

OSV
added 2019/02/13 10:3 a.m., 8 views

SUSE-RU-2019:0341-1 Security update for SUSE Manager Server 3.2

This update fixes the following issues: branch-network-formula: - Netconfig update requires bind directory to exists for bind forward, ensure it bsc1116365 - Rework network update in branch-network formula bsc1116365 py26-compat-salt: - Remove arch from name when pkg.listpkgs is called with 'attr...

CVSS 6.5 | AI score 6.7 | EPSS 0.03108
Exploits: 0 | References: 44

Kitploit
added 2018/09/01 9:15 p.m., 95 views

Getsploit v0.2.2 - Command Line Utility For Searching And Downloading Exploits

Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in...

AI score 7.7
Exploits: 0 | References: 2

Kitploit
added 2018/07/13 2:19 p.m., 32 views

Pure Blood - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter Menu Web Pentest | Banner Grab | Whois | Traceroute | DNS Record | Reverse DNS Lookup | Zone Transfer Lookup | Port Scan | Admin Panel Scan | Subdomain Scan | CMS Identify | Reverse IP Lookup | Subnet Lookup | Extract Pa...

AI score 7.2
Exploits: 0 | References: 2

OSV
added 2018/02/08 12:0 a.m., 1 view

UBUNTU-CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies when multiple threads are...

CVSS 3.6 | AI score 6.8 | EPSS 0.0127
Exploits: 0 | References: 4