197 matches found
GHSA-CH3J-W953-HFCM graphite-web is vulnerable to Remote Code Execution
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
Pyo security vulnerability
Pyo is a Python module written in C by the individual developer Olivier Belanger. It is used to help create digital signal processing scripts. ajaxsoundstudio.com A security vulnerability exists in versions of Pyo prior to 1.03, which can be exploited by an attacker to conduct a DoS attack by...
ajaxsoundstudio.com Pyo security vulnerability
Pyo is a Python module written in C by the individual developer Olivier Belanger. It is used to help create digital signal processing scripts. ajaxsoundstudio.com A security vulnerability exists in Pyo version 1.03, which can be exploited by an attacker to conduct a denial-of-service attack by...
CVE-2021-39182
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
Code injection
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
Networkit - A Growing Open-Source Toolkit For Large-Scale Network Analysis
NetworKit is an open-source tool suite for high-performance network analysis. Its aim is to provide tools for the analysis of large networks in the size range from thousands to billions of edges. For this purpose, it implements efficient graph algorithms, many of them parallel to utilize multicor...
[SECURITY] Fedora 35 Update: python-pycares-4.0.0-5.fc35
pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously...
python-urllib3: ReDoS in the parsing of authority part of URL
A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...
Vulnerability in the python/arfile.cc, python/tag.cc, and python/tarfile.cc files of the Python package installation module APT: resources are not released after their useful life has ended, which allows an attacker to cause service failures.
The vulnerability of the python/arfile.cc, python/tag.cc, and python/tarfile.cc files in the Python package installation module APT is related to the lack of resource release after the expiration of their useful life. Exploiting this vulnerability can allow an attacker to cause service failures...
ansible: basic.py no_log with fallback option
A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to...
AZL-6304 CVE-2021-20228 affecting package ansible for versions less than 2.12.1-1
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...
Security fix for the ALT Linux 9 package python-module-yaml version 5.4.1-alt0.p9
5.4.1-alt0.p9 built March 22, 2021 Andrey Cherepanov in task 267990 --- March 18, 2021 Andrey Cherepanov - Backport version 5.4.x to p9 branch fixes CVE-2020-1747...
CentOS 8 : python27:2.7 (CESA-2019:3335)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3335 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3...
PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features: standalone application and IDAPython plugin; supports Windows/Linux/Mac; rainbow PE ratio map: High-level overview...
EulerOS Virtualization 3.0.6.0 : numpy (EulerOS-SA-2020-1730)
According to the version of the numpy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attacker...
Security fix for the ALT Linux 9 package python-module-psutil version 5.7.0-alt1
5.7.0-alt1 built April 17, 2020 Anton Midyukov in task 244280 --- April 12, 2020 Vitaly Lipatov - new version 5.7.0 with rpmrb script ALT bug 38347 - CVE-2019-18874...
Format string
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...