798 matches found

RedHat Linux
added 2022/05/05 7:56 a.m. · 3 views

python-rsa: Bleichenbacher timing oracle attack against RSA decryption

A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

7.5 CVSS · 7.3 AI score · 0.01631 EPSS
Exploits 1 · References 5
OSV
added 2022/05/04 10:15 p.m. · 1 views

UBUNTU-CVE-2022-30284

DISPUTED In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that...

9.8 CVSS · 7.4 AI score · 0.0463 EPSS
Exploits 1 · References 5
Kitploit
added 2022/04/30 12:30 p.m. · 203 views

Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...

7.3 AI score
Exploits 0 · References 3
vulnersOsv
added 2022/04/18 7:15 p.m. · 2 views

addpage (=0.2.0), amazon-textract-helper (>=0.0.2 <=0.0.30) +88 more potentially affected by CVE-2022-24859 via pypdf2 (>=1.24.0 <=1.27.12)

pypdf2 PYPI version =1.24.0, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =0.1.1, =0.1.1, =0.2.0, =0.1.0, =0.0.1, =1.1.0, =0.9.0, =1.0.0, =2.0.0 - dftimewolf =20200608.0.0a0 and more Source cves: CVE-2022-24859 Source advisory: OSV:PYSEC-2022-194...

6.2 CVSS · 6.3 AI score · 0.01279 EPSS
Exploits 1
ATTACKERKB
added 2022/04/10 9:15 p.m. · 1 views

CVE-2022-27271

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...

9.8 CVSS · 6.5 AI score · 0.03159 EPSS
Exploits 1 · References 4
OSV
added 2022/04/10 9:15 p.m. · 2 views

CVE-2022-27271

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...

9.8 CVSS · 6.3 AI score · 0.03159 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/04/10 12:00 a.m. · 4 views

PT-2022-18345 · Inhand Networks · Inrouter 900

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 Description: The issue is related to a remote code execution vulnerability triggered by a crafted packet via the python-lib component. Recommendations: For...

9.8 CVSS · 9.6 AI score · 0.03159 EPSS
Exploits 1 · References 4
Kitploit
added 2022/03/29 11:30 a.m. · 43 views

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...

7.5 AI score
Exploits 0 · References 9
OSV
added 2022/03/22 2:17 p.m. · 2 views

CLSA-2022-1647958678 Fixed CVE-2021-3737 in python

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...

7.5 CVSS · 6.9 AI score · 0.11586 EPSS
Exploits 1 · References 1
Rockylinux
added 2022/03/15 9:09 a.m. · 17 views

redhat-support-lib-python and redhat-support-tool bug fix and enhancement update

An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The redhat-support-tool utility...

0.9 AI score
Exploits 0
OSV
added 2022/03/10 4:33 p.m. · 6 views

OPENSUSE-SU-2022:0802-1 Security update for python-libxml2-python

This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes bsc1196490...

7.5 CVSS · 7.8 AI score · 0.0601 EPSS
Exploits 0 · References 3
OSV
added 2022/03/07 11:03 a.m. · 3 views

OESA-2022-1562 python-py security update

Library with cross-python path, ini-parsing, io, code, log facilities. Security Fixes: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious inp...

7.5 CVSS · 6.7 AI score · 0.04607 EPSS
Exploits 0 · References 2
CNNVD
added 2022/02/23 12:00 a.m. · 4 views

b2-sdk-python security vulnerability

b2-sdk-python is a Python library for accessing B2 cloud storage. A security vulnerability exists in b2-sdk-python: under certain circumstances, a local attacker can exploit it via a time-of-check to time-of-use (TOCTOU) race condition...

4.7 CVSS · 5 AI score · 0.00209 EPSS
Exploits 0 · References 6
vulnersOsv
added 2022/02/09 11:47 p.m. · 2 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23557 via tensorflow (>=1.0.1 <=2.5.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23557 Source advisory: OSV:GHSA-GF2J-F278-XH4V...

6.5 CVSS · 6.5 AI score · 0.00745 EPSS
Exploits 1
RedhatCVE
added 2022/02/08 9:16 a.m. · 32 views

CVE-2022-21712

A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these cross-origin redirects and leak the cookie and authorization headers...

7.5 CVSS · 4.9 AI score · 0.0142 EPSS
Exploits 0 · References 4
vulnersOsv
added 2022/02/07 10:15 p.m. · 1 views

ayugespidertools (>=3.4.1 <=3.9.5), baotool (=1.0.1) +129 more potentially affected by CVE-2022-21712 via twisted (>=16.0.0 <=22.10.0)

twisted PYPI version =16.0.0, =3.4.1, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =0.1.0.dev2, =0.3.4, =0.1.0, =18.4.0, =1.1.2.post3, =1.2.0.post1 and more Source cves: CVE-2022-21712 Source advisory: OSV:PYSEC-2022-27...

7.5 CVSS · 7 AI score · 0.0142 EPSS
Exploits 0
OSV
added 2022/01/10 8:51 p.m. · 2 views

USN-5215-1 nltk vulnerability

Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a denial of service...

7.5 CVSS · 7.1 AI score · 0.01584 EPSS
Exploits 1 · References 2
vulnersOsv
added 2022/01/07 12:01 a.m. · 0 views

cognitivefactory-interactive-clustering (>=0.2.1 <=0.3.0), cpraa (>=0.3.0 <=0.6.0) +18 more potentially affected by CVE-2021-41500 via cvxopt (>=1.1.8 <=1.2.6)

cvxopt PYPI version =1.1.8, =0.2.1, =0.3.0, =0.1.0, =0.2.0, =0.1.7, =1.0.1a13, =0.2.0, =1.0.2, =3.0.0.dev3, =0.0.1, =0.1.0, =0.2.2 and more Source cves: CVE-2021-41500 Source advisory: OSV:GHSA-8RH6-H94M-VJ54...

7.5 CVSS · 7.1 AI score · 0.01184 EPSS
Exploits 1
vulnersOsv
added 2022/01/05 12:15 a.m. · 2 views

aimmo (>=0.61.9 <=1.3.3b690), ambition-edc (>=0.3.68 <=0.3.72) +71 more potentially affected by CVE-2021-45115 via django (>=2.2.0 <=2.2.25)

django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-45115 Source advisory: OSV:PYSEC-2022-1...

7.5 CVSS · 7 AI score · 0.02397 EPSS
Exploits 0
OSV
added 2022/01/04 3:15 p.m. · 4 views

PYSEC-2022-5

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5 CVSS · 7.1 AI score · 0.01502 EPSS
Exploits 1 · References 3