OESA-2022-1710 python-jwt security update
PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). JWT is an open industry standard (RFC 7519) for representing claims securely between two parties. Security Fixes: PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing...
CVE-2022-30877
The keep package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2...
CLSA-2022-1654010877 Fixed CVEs in python3: CVE-2022-0391, CVE-2021-4189, CVE-2021-3737
CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response (rhbz2036020) - CVE-2021-4189: ftplib should not use the host from the PASV response (rhbz2036020) - CVE-2022-0391: urllib.parse does not sanitize URLs containing ASCII newline and tabs (rhbz2047376)...
DEBIAN-CVE-2022-29217
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...
priority vulnerable to denial of service
An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...
Updated python-nbxmpp packages fix security vulnerability
Missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it such as Gajim...
abtests (>=0.0.1 <=0.0.2.1), adjsim (>=2.0.0 <=2.1.0) +108 more potentially affected by CVE-2017-12852 via numpy (>=1.10.0 <=1.13.1)
numpy PYPI version =1.10.0, =0.0.1, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =1.0.2 - cami-opal =0.2.5 and more Source cves: CVE-2017-12852 Source advisory: OSV:GHSA-FRGW-FGH6-9G52...
0x-web3 (=5.0.0a5), a2grunnerp (>=0.1.0 <=0.1.8) +4110 more potentially affected by CVE-2015-5237 via protobuf (>=2.6.0 <=3.3.0)
protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.1.6, =1.0.2, =0.0.1b1, =0.2.5, =0.1.0, =1.0.0, =1.0.6 - academic-emotion =0.1.2 and more Source cves: CVE-2015-5237 Source advisory: OSV:GHSA-JWVW-V7C5-M82H...
Email-Prediction-Asterisks - Script That Allows You To Identify The Emails Hidden Behind Asterisks
Email prediction asterisks is a script that allows you to identify the emails hidden behind asterisks. It is a perfect application for OSINT analysts and security forces. It allows you to intelligently predict, using Intelx leaks, which emails are related to the person we are looking for. It also...
python-rsa: Bleichenbacher timing oracle attack against RSA decryption
A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...
UBUNTU-CVE-2022-30284
DISPUTED: In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that...
Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...
addpage (=0.2.0), amazon-textract-helper (>=0.0.2 <=0.0.30) +88 more potentially affected by CVE-2022-24859 via pypdf2 (>=1.24.0 <=1.27.12)
pypdf2 PYPI version =1.24.0, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =0.1.1, =0.1.1, =0.2.0, =0.1.0, =0.0.1, =1.1.0, =0.9.0, =1.0.0, =2.0.0 - dftimewolf =20200608.0.0a0 and more Source cves: CVE-2022-24859 Source advisory: OSV:PYSEC-2022-194...
CVE-2022-27271
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...
PT-2022-18345 · Inhand Networks · Inrouter 900
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 Description: The issue is related to a remote code execution vulnerability triggered by a crafted packet via the python-lib component. Recommendations: For...
Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose
Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...
CLSA-2022-1647958678 Fixed CVE-2021-3737 in python
CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...
redhat-support-lib-python and redhat-support-tool bug fix and enhancement update
An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The redhat-support-tool utility...
OPENSUSE-SU-2022:0802-1 Security update for python-libxml2-python
This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc1196490)...