20 matches found
K000140251: Python vulnerabilities CVE-2022-48564 and CVE-2022-48566
Security Advisory Description CVE-2022-48564 readints in plistlib . py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVE-2022-48566 An issue was discovered in comparedigest in...
EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2024-1663)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVE-2022-48560 - An XML External Entity XXE issue was...
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2024-1697)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2024-1663)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2024-1160)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3614-1] python3.7 security update
Debian LTS Advisory DLA-3614-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton October 11, 2023 https://wiki.debian.org/LTS Package : python3.7 Version : 3.7.3-2+deb10u6 CVE ID : CVE-2022-48560 CVE-2022-48564 CVE-2022-48565 CVE-2022-48566 CVE-2023-40217 Several...
Debian dla-3614 : idle-python3.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3614 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3614-1 [email protected]...
Debian: Security Advisory (DLA-3575-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3575 : idle-python2.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3575 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3575-1 [email protected]...
Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Race Condition Vulnerability (bpo-40791) - Linux
Python is prone to a race condition vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
CVE-2022-48566
A constant-time-defeating optimization issue was found in python. This issue occurs when sending a specially crafted request, which could allow an attacker to obtain sensitive information. Mitigation As per upstream, either make the accumulator variable result a volatile unsigned char instead of...
CVE-2022-48566
An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...
CVE-2022-48566
An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...
CVE-2022-48566
An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...
CVE-2022-48566
An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...
Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability
Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corrupti...
Patch Tor Browser Bug to Prevent Tracking of Your Online Activities
Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's...
UACME - Defeating Windows User Account Control
Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10 client, some methods however works on server version too. Admin account with UAC set on default settings required. Usage Run executable from command line:...
Cloakify - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Evade AV Detection
Cloakify Toolset - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography usings lists. Convert any file type e.g. executables, Office, Zip, images into a list of everyday strings. Ve...
Check Point response to Black Hat 2009 presentation about defeating SSL
...