
293 matches found

Rockylinux
added 2023/08/31 4:54 p.m., 22 views

python38:3.8 and python38-devel:3.8 security update

An update is available for python-pluggy, module.python-psycopg2, module.python-more-itertools, module.python-jinja2, module.babel, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, babel,...

CVSS 7.5, AI score 7.5, EPSS 0.01445
Exploits: 3
ATTACKERKB
added 2023/08/15 5:15 p.m., 0 views

CVE-2023-39659

An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool.run component...

CVSS 9.8, AI score 6.2, EPSS 0.01594
Exploits: 1, References: 3
CNNVD
added 2023/08/15 12:0 a.m., 1 views

Python cpython Security Vulnerabilities

cpython is the Python Foundation's Python interpreter implemented in the C language. A security vulnerability exists in version 3.7 of cpython that stems from a crash due to improper reference counting in the asyncio.swapcurrenttask module...

CVSS 5.3, AI score 6.7, EPSS 0.0029
Exploits: 1, References: 3
Rosalinux
added 2023/08/01 12:58 p.m., 38 views

Advisory ROSA-SA-2023-2203

Software: python 2.7.5; OS: rosa-server79; packageevrstring: python-2.7.5-93.res7; CVE-ID: CVE-2023-24329; BDU-ID: None; CVE-Crit: HIGH; CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...

CVSS 9.8, AI score 7.8, EPSS 0.01445
Exploits: 6
Tenable Nessus
added 2023/07/25 12:0 a.m., 17 views

Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation (CVE-2015-4231)

The Python interpreter in Cisco NX-OS 6.28a on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. This plugin only works with Tenable.ot. Please visit...

CVSS 3.6, AI score 5.7, EPSS 0.00112
Exploits: 0, References: 3
Vulnrichment
added 2023/07/11 5:14 p.m., 12 views

CVE-2023-37271 RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...

CVSS 8.4, AI score 7.5, EPSS 0.00347
Exploits: 0, References: 2
OSV
added 2023/07/10 9:53 p.m., 24 views

GHSA-WQC8-X2PR-7JQH RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape

Impact RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the...

CVSS 8.4, AI score 9.3, EPSS 0.00347
Exploits: 0, References: 5
Github Security Blog
added 2023/07/10 9:53 p.m., 27 views

RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape

Impact RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the...

CVSS 9.9, AI score 7.5, EPSS 0.00347
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2023/06/29 12:34 p.m., 25 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 2
OSV
added 2023/06/27 12:0 a.m., 21 views

ALSA-2023:3811 Important: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5, AI score 8.1, EPSS 0.01445
Exploits: 3, References: 4
OSV
added 2023/06/22 12:0 a.m., 32 views

ALSA-2023:3781 Important: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5, AI score 8.1, EPSS 0.01445
Exploits: 3, References: 4
The Hacker News
added 2023/03/24 1:40 p.m., 89 views

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and...

AI score 7.1
Exploits: 0
Metasploit
added 2023/01/24 7:51 p.m., 112 views

Python Exec, Python Pingback, Reverse TCP (via python)

Execute a Python payload from a command. Connects back to the attacker, sends a UUID, then terminates Module Options msf use payload/cmd/windows/python/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf payloadpingbackreversetc...

AI score 7
Exploits: 0
Fedora
added 2022/12/18 1:41 a.m., 27 views

[SECURITY] Fedora 36 Update: python3.11-3.11.1-1.fc36

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

CVSS 7.5, AI score 8.1, EPSS 0.0013
Exploits: 1
0day.today
added 2022/09/09 12:0 a.m., 218 views

Sagemath 9.0 Overflow / Denial Of Service Exploit

sagemath 9.0 and reportedly later on ubuntu 20. sagemath gives access to the python interpreter, so code execution is trivial. We give DoS attacks, which terminates the sagemath process with abort, when raising symbolic expression to large integer power. We get abort with stack: gmp: overflow in...

AI score 0.2
Exploits: 0
Packet Storm
added 2022/09/09 12:0 a.m., 305 views

Sagemath 9.0 Overflow / Denial Of Service

sagemath 9.0 and reportedly later on ubuntu 20. sagemath gives access to the python interpreter, so code execution is trivial. We give DoS attacks, which terminates the sagemath process with abort, when raising symbolic expression to large integer power. We get abort with stack: gmp: overflow in...

AI score 0.3
Exploits: 0
Metasploit
added 2022/03/16 5:42 p.m., 71 views

Python Exec, Python Meterpreter, Python Bind TCP Stager with UUID Support

Execute a Python payload as an OS command from a Posix-compatible shell. Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Listen for a connection with UUID Support Module Options msf use payload/cmd/unix/python/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions...

AI score 7.2
Exploits: 0
Fedora
added 2022/02/12 1:16 a.m., 21 views

[SECURITY] Fedora 34 Update: ipython-7.20.0-2.fc34

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

CVSS 8.8, AI score 8.7, EPSS 0.01381
Exploits: 1
Github Security Blog
added 2022/02/09 11:32 p.m., 36 views

Out of bounds read in Tensorflow

Impact The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR then they can...

CVSS 8.8, AI score 1.5, EPSS 0.00018
Exploits: 0, References: 4, Affected Software: 3
CNVD
added 2022/02/09 12:0 a.m., 18 views

Google Tensorflow Buffer Overflow Vulnerability (CNVD-2022-09865)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to change the format of the SavedModel on disk to invalidate these assumptions, and then...

CVSS 8.8, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 1