
663 matches found

Debian CVE
added 2020/01/28 6:35 p.m. | 26 views

CVE-2020-8315

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...

5.5 CVSS | 7.4 AI score | 0.01345 EPSS
Exploits: 0

AlpineLinux
added 2020/01/28 6:35 p.m. | 34 views

CVE-2020-8315

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...

5.5 CVSS | 5.8 AI score | 0.01345 EPSS
Exploits: 0

OpenVAS
added 2020/01/23 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2017-1334)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9 AI score | 0.07944 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m. | 14 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2017-1335)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9 AI score | 0.07944 EPSS
Exploits: 0 | References: 2

exploitpack
added 2019/09/27 12:0 a.m. | 10 views

thesystem App 1.0 - username SQL Injection

thesystem App 1.0 - username SQL Injection Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0...

8.7 AI score
Exploits: 0

Tenable Nessus
added 2019/05/14 12:0 a.m. | 42 views

EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttl...

10 CVSS | 7.5 AI score | 0.95707 EPSS
Exploits: 21 | References: 17

BDU FSTEC
added 2019/02/05 12:0 a.m. | 2 views

The vulnerability of the PyString_DecodeEscape function in the Python programming language interpreter (CPython) allows a hacker to execute arbitrary code.

The vulnerability of the PyString_DecodeEscape function in the “stringobject.c” file of the Python programming language interpreter CPython is related to integer overflow, which can lead to buffer overflow. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

9.8 CVSS | 7.7 AI score | 0.07944 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Talos
added 2019/01/28 12:0 a.m. | 86 views

Python.org CPython X509 certificate parsing denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using...

7.5 CVSS | 7.7 AI score | 0.20743 EPSS
Exploits: 1

Tenable Nessus
added 2018/09/27 12:0 a.m. | 40 views

Debian DLA-1519-1 : python2.7 security update

Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-base...

9.8 CVSS | 7.2 AI score | 0.20807 EPSS
Exploits: 2 | References: 6

Tenable Nessus
added 2018/09/27 12:0 a.m. | 34 views

Debian DLA-1520-1 : python3.4 security update

Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-base...

9.8 CVSS | 7.2 AI score | 0.20807 EPSS
Exploits: 2 | References: 6

Debian
added 2018/09/25 11:47 p.m. | 52 views

[SECURITY] [DLA 1519-1] python2.7 security update

Package : python2.7 Version : 2.7.9-2+deb8u2 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...

9.8 CVSS | 7.1 AI score | 0.20807 EPSS
Exploits: 2

OpenVAS
added 2018/09/25 12:0 a.m. | 51 views

Debian: Security Advisory (DLA-1519-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.3 AI score | 0.20807 EPSS
Exploits: 2 | References: 3

NVD
added 2018/09/18 5:29 p.m. | 23 views

CVE-2018-1000802

Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...

9.8 CVSS | 9.9 AI score | 0.20807 EPSS
Exploits: 1 | References: 11

UbuntuCve
added 2018/09/18 12:0 a.m. | 27 views

CVE-2018-1000802

Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...

9.8 CVSS | 6.8 AI score | 0.20807 EPSS
Exploits: 1 | References: 4

CVE
added 2018/09/18 12:0 a.m. | 384 views

CVE-2018-1000802

CVE-2018-1000802 affects CPython 2.7, where shutil.make_archive is vulnerable to command injection. A specially crafted input to the function can lead to Denial of Service and potential information gain via arbitrary file creation, as described in multiple advisories. The issue stems from imprope...

9.8 CVSS | 9.8 AI score | 0.20807 EPSS
Exploits: 1 | References: 11 | Affected Software: 1

Github Security Blog
added 2018/07/26 4:8 p.m. | 28 views

Code injection in rope

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

9.8 CVSS | 9.5 AI score | 0.03015 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Kitploit
added 2018/07/20 10:21 p.m. | 48 views

Security Monkey - Tool To Monitors Your AWS And GCP Accounts For Policy Changes And Alerts On Insecure Configurations

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories. It provides a single UI to brow...

7.3 AI score
Exploits: 0 | References: 17

OSV
added 2018/04/06 4:29 p.m. | 6 views

CVE-2014-3539

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

9.8 CVSS | 9.7 AI score
Exploits: 0 | References: 4

OSV
added 2018/04/06 4:29 p.m. | 25 views

PYSEC-2018-100

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

9.8 CVSS | 7.6 AI score | 0.03015 EPSS
Exploits: 0 | References: 3

Cvelist
added 2018/04/06 4:0 p.m. | 17 views

CVE-2014-3539

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

9.7 AI score | 0.03015 EPSS
Exploits: 0 | References: 2