[SECURITY] Fedora 33 Update: python-msldap-0.3.15-1.fc33

Python library to play with MS LDAP...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4742 more potentially affected by CVE-2020-15196 via tensorflow (>=1.0.1 <=2.3.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15196 Source advisory: OSV:PYSEC-2020-119...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4742 more potentially affected by CVE-2020-15201 via tensorflow (>=1.0.1 <=2.3.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-124...

abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15205 via tensorflow (>=1.0.1 <=1.15.3)

tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15205 Source advisory: OSV:PYSEC-2020-128...

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15192 via tensorflow (=2.2.0)

tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15192 Source advisory...

MS17-010

This repository is for public analysis of the MS17-010 vulnerability. The vulnerability is related to the SMB Server Message Block protocol and affects Windows operating systems. The repository contains various PoCs Proof of Concepts and exploits for different versions of Windows, including Windo...

Bbrecon - Python Library And CLI For The Bug Bounty Recon API

Bug Bounty Recon bbrecon is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This...

python-rsa: decryption of ciphertext leads to DoS

A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. The highe...

pwntools

This repository is an offensive tool for binary exploitation. It is a collection of common binary exploitation tools, including pwntools, a Python library for binary exploitation. The repository includes a variety of tools and scripts for exploiting vulnerabilities in binaries, including exploit...

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-3.fc32

MinGW Windows python3 library...

Pillow Buffer Overflow Vulnerability

Pillow is a Python based image processing library. A buffer overflow vulnerability exists in the libImaging/TiffDecode.c file in Pillow versions prior to 7.1.0. The vulnerability stems from a networked system or product that performs operations in memory without properly validating data boundarie...

[SECURITY] Fedora 31 Update: python-httplib2-0.18.1-3.fc31

A comprehensive HTTP client library that supports many features left out of other HTTP libraries...

Unspecified vulnerability in Open-iSCSI rtslib-fb

Open-iSCSI rtslib-fb is an object-based Python library for configuring LIO general purpose SCSI targets in the Linux kernel. A security vulnerability exists in Open-iSCSI rtslib-fb version 2.1.72 and earlier. No detailed vulnerability details are provided at this time...

UBUNTU-CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

PT-2021-6018

Name of the Vulnerable Software and Affected Versions urllib3 versions prior to 1.26.5 Description The issue is related to an HTTP client vulnerability in Python urllib3, which is associated with uncontrolled resource consumption. Exploitation of the vulnerability may allow a remote attacker to...

UBUNTU-CVE-2020-13092

DISPUTED scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the...

python-urllib3: Certification mishandle when error should be thrown

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...

python: Cookie domain check returns incorrect results

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

aequitas (>=0.26.0 <=0.42.0), ax (>=0.39.0 <=0.52.0) +27 more potentially affected by CVE-2020-11888 via markdown2 (>=2.3.0 <=2.3.8)

markdown2 PYPI version =2.3.0, =0.26.0, =0.39.0, =0.1.0, =0.5.29, =3.8.3, =0.0.1, =0.4.1, =0.0.1, =0.7.0a1, =0.2.2, =0.4.0rc1590080566 and more Source cves: CVE-2020-11888 Source advisory: OSV:PYSEC-2020-65...

Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.

Chepy is a python library with a handy cli that is aimed to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put behind Chepy to make it compatible to the various functionalities that CyberChef offers, all in a pure Pythonic manner. There are some key advantages and...