
197 matches found

Metasploit
added 2024/08/23 6:52 p.m. | 300 views

Ray cpu_profile command injection

Ray RCE via cpu_profile command injection vulnerability. Module Options msf > use exploit/linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019 msf exploit(ray_cpu_profile_cmd_injection_cve_2023_6019) > show targets ...targets... msf exploit(ray_cpu_profile_cmd_injection_cve_2023_6019) > set TARGET msf...

9.8 CVSS | 7.9 AI score | 0.88771 EPSS
Exploits: 10
GithubExploit
added 2024/07/10 5:39 a.m. | 346 views

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm

DolibabyPhp An authenticated RCE exploit for Dolibarr ERP/CRM...

8.8 CVSS | 8.8 AI score | 0.89175 EPSS
Exploits: 16
OSSF Malicious Packages
added 2024/06/25 1:40 p.m. | 3 views

Malicious code in pythonbademoduleimport (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0
GithubExploit
added 2024/06/20 9:1 p.m. | 599 views

Exploit for CVE-2024-37742

CVE-2024-37742: Clipboard Exploit in SEB ≤ 3.5.0 Windows Thi...

8.2 CVSS | 7.4 AI score | 0.00471 EPSS
Exploits: 4
Tenable Nessus
added 2024/05/11 12:0 a.m. | 30 views

RHEL 8 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code...

8.6 AI score | 0.71492 EPSS
Exploits: 3 | References: 2
Tenable Nessus
added 2024/05/11 12:0 a.m. | 45 views

RHEL 7 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code...

7.2 AI score | 0.71492 EPSS
Exploits: 5 | References: 4
OSV
added 2023/12/13 9:33 a.m. | 1 views

SUSE-SU-2023:4757-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes: CVE-2023-34049: Arbitrary code execution via symlink attack bsc1215157 Non security fixes: Add python dateutil module to the bundle Allow all primitive grain types for autosigngrains bsc1214477 Remove non-free RNG schema fi...

6.7 CVSS | 6.7 AI score | 0.0006 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2023/11/07 12:0 a.m. | 29 views

Rocky Linux 8 : numpy (RLSA-2019:3704)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3704 advisory. - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary cod...

9.8 CVSS | 8.6 AI score | 0.71492 EPSS
Exploits: 2 | References: 4
BDU FSTEC
added 2023/07/28 12:0 a.m. | 1 views

The vulnerability of the mdb_node_del() function in the LMDB database module, written in Python py-lmdb, allows an attacker to cause a service failure.

The vulnerability of the mdb_node_del() function in the LMDB database module, written in Python py-lmdb, relates to the issue where an operation may be executed outside the buffer in memory when processing the data.mdb file. Exploiting this vulnerability allows a malicious actor to cause service...

7.8 CVSS | 0.00433 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Fedora
added 2023/07/08 1:55 a.m. | 16 views

[SECURITY] Fedora 38 Update: python-managesieve-0.7.1-6.fc38

This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application "sieveshell"...

7.3 AI score
Exploits: 0
IBM Security Bulletins
added 2023/06/28 3:27 p.m. | 7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to directory traversal due to GHSA-v5gw-mw7f-84px [X-Force 255807]

Summary Python module Starlette is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to directory traversal. This bulletin provides patch information t...

6.7 AI score
Exploits: 0 | Affected Software: 1
The Hacker News
added 2023/05/17 10:17 a.m. | 45 views

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on...

7.8 AI score | 0.00657 EPSS
Exploits: 1
Cvelist
added 2023/04/18 9:32 p.m. | 23 views

CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

5.5 CVSS | 7.9 AI score | 0.01264 EPSS
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 6:5 a.m. | 2 views

SUSE CVE-2009-0314

Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)...

6.9 CVSS | 7.4 AI score | 0.00141 EPSS
Exploits: 3 | References: 3
SUSE CVE
added 2023/02/15 6:5 a.m. | 4 views

SUSE CVE-2009-0315

Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)...

6.9 CVSS | 7.4 AI score | 0.00216 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 6:1 a.m. | 1 views

SUSE CVE-2009-3894

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory...

4.4 CVSS | 7.2 AI score | 0.00071 EPSS
Exploits: 1 | References: 2
SUSE CVE
added 2023/02/15 5:39 a.m. | 2 views

SUSE CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function...

5 CVSS | 6.8 AI score | 0.12869 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/08/27 12:0 a.m. | 1 views

exotel security vulnerability

exotel is a Python module for exotels calls and sms api. A security vulnerability exists in PyPI exotel package version 0.1.6, which stems from including a code execution backdoor inserted by a third party...

9.8 CVSS | 7.5 AI score | 0.00579 EPSS
Exploits: 0 | References: 5
OSV
added 2022/07/20 8:4 p.m. | 4 views

CLSA-2022-1658347450 Fixed CVE-2015-20170 in python2-4.module_el8.4.0+2071+0b56c8de.tuxcare.els3

CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument allowing to inject shell commands...

5.8 AI score
Exploits: 0 | References: 1
OSV
added 2022/05/17 5:3 a.m. | 28 views

GHSA-M923-W2GJ-V43G graphite-web is vulnerable to Remote Code Execution via renderLocalView function

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

9.5 CVSS | 7.1 AI score | 0.83612 EPSS
Exploits: 5 | References: 9