770 matches found
CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said...
amundsen-databuilder (>=2.6.0 <=3.1.0rc0), amundsen-databuilder-azure (=2.6.5) +84 more potentially affected by CVE-2021-21240 via httplib2 (>=0.10.3 <=0.18.1)
httplib2 PYPI version =0.10.3, =2.6.0, =0.1.0, =0.1.0, =0.0.22, =0.7.1, =0.4.0, =0.0.0, =0.0.1, =3.40.0, =0.0.4, =0.1.1, =0.3.0 and more Source cves: CVE-2021-21240 Source advisory: OSV:PYSEC-2021-16...
pwntools
This repository is an open-source project for a Python library called pwntools, which is used for reverse engineering and exploitation of binaries. The library is designed to be a comprehensive tool for security researchers and developers. The repository contains a variety of files, including:...
Idpy Pysaml2 Data Forgery Issue Vulnerability
Idpy Pysaml2 is a Python-based SAML server implementation from the Idpy community. Idpy PySAML2 before 6.5.0 suffers from a Data Forgery Issue vulnerability that stems from the presence of a Cryptographic Signature Validation Error vulnerability. An attacker can exploit this vulnerability to...
[SECURITY] Fedora 32 Update: python-cairosvg-2.4.2-4.fc32
CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...
Fedora: Security Advisory for python-cairosvg (FEDORA-2021-8537865fb5)
The remote host is missing an update for the...
PYSEC-2020-143
tlslite-ng is an open source Python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, the code has multiple ways in...
UBUNTU-CVE-2020-29651
A denial of service via regular expression in the py.path.svnwc component of py aka python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality...
Exploit for CVE-2020-1472
CVE-2020-1472 is a vulnerability in the Windows Netlogon service that allows an unauthenticated attacker to set the password of the Domain Controller account to an empty string (NT hash=31d6cfe0d16ae931b73c59d7e0c089c0). This vulnerability is also known as the "Zerologon" vulnerability. The exploit...
Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows
PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the Python 3 client which uses the pytmipe library. Content A python...
XXE in petl
Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...
pwntools
This is an offensive tool for binary exploitation. It is a Python library called pwntools, which provides a set of tools for binary exploitation and reverse engineering. The library is designed to be used by security researchers and penetration testers to identify and exploit vulnerabilities in...
addok (=0.5.0), cloudmesh-client (>=4.2.6 <=4.7.3) +50 more potentially affected by CVE-2020-28724 via werkzeug (>=0.10.1 <=0.11.5)
werkzeug PYPI version =0.10.1, =4.2.6, =1.2.1, =1.0.22, =0.7.12, =0.1.1, =1.0.0, =0.0.1, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.6 and more Source cves: CVE-2020-28724 Source advisory: OSV:PYSEC-2020-157...
python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function
A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...
[SECURITY] Fedora 33 Update: python-msldap-0.3.15-1.fc33
Python library to play with MS LDAP...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4710 more potentially affected by CVE-2020-15201 via tensorflow (>=1.0.1 <=2.3.0)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-124...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15205 via tensorflow (>=1.0.1 <=1.15.3)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15205 Source advisory: OSV:PYSEC-2020-128...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4710 more potentially affected by CVE-2020-15196 via tensorflow (>=1.0.1 <=2.3.0)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15196 Source advisory: OSV:PYSEC-2020-119...
accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15192 via tensorflow (=2.2.0)
tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15192 Source advisory...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The vulnerability is related to the SMB (Server Message Block) protocol and affects Windows operating systems. The repository contains various PoCs (proofs of concept) and exploits for different versions of Windows, including Windo...