958 matches found
15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects
As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial...
Limiting the Software Supply Chain Attack Surface
Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...
Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities
Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability By Trellix · September 21, 2022 This story was also written by Kasimir Schulz While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we...
Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities
Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...
Limiting the Software Supply Chain Attack Surface
Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability By Trellix · September 21, 2022 This story was also written by Kasimir Schulz While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we...
The vulnerability of the phar_parse_tarfile function in the PHP programming language allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the PHP interpreter extension is related to errors in number processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure using a specially created tar archive...
The vulnerability of the phar_parse_tarfile function in the PHP programming language allows a hacker to trigger a service failure.
The vulnerability of the pharparsetarfile function ext/phar/tar.c in the PHP programming language is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
F5 Networks BIG-IP : Python tarfile library vulnerability (K78284681)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K78284681 advisory. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite...
The vulnerability of the python/arfile.cc, python/tag.cc, and python/tarfile.cc files from the Python package installation module APT lies in the fact that resources are not released after their useful life has ended. This allows a perpetrator to cause service failures.
The vulnerability of the python/arfile.cc, python/tag.cc, and python/tarfile.cc files in the Python package installation module APT is related to the lack of resource release after the expiration of their useful life. Exploiting this vulnerability can allow an attacker to cause service failures...
Exploit for Path Traversal in Djangoproject Django
CVE-2021-3281 There is a Directory Traversal vulnerability in...
RHEL 7 : python (RHSA-2021:0881)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0881 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
python: infinite loop in the tarfile module via crafted TAR archive
A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation...
Moderate: Red Hat Security Advisory: python security update
An update for python is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: python security update
An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...
python: infinite loop in the tarfile module via crafted TAR archive
A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation...
python: infinite loop in the tarfile module via crafted TAR archive
A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation...
Moderate: Red Hat Security Advisory: python security update
An update for python is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
The vulnerability of the _proc_pax function (Lib/tarfile.py) in the Python programming language allows a attacker to cause a service failure.
The vulnerability of the procpax function in the Lib/tarfile.py module of the Python interpreter is related to insufficient input validation. Exploiting this vulnerability could allow an attacker to cause service failures remotely...