
807 matches found

OpenVAS
added 2021/01/16 12:0 a.m., 9 views

Fedora: Security Advisory for python-cairosvg (FEDORA-2021-8537865fb5)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2

PyPA
added 2020/12/21 5:15 p.m., 5 views

PYSEC-2020-143

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, the code has multiple ways in...

7.5 CVSS, 7 AI score, 0.01276 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2020/12/09 7:15 a.m., 1 views

UBUNTU-CVE-2020-29651

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality...

7.5 CVSS, 6.8 AI score, 0.04607 EPSS
Exploits: 0, References: 5

Gitee
added 2020/12/08 4:33 p.m., 18 views

Exploit for CVE-2020-1472

CVE-2020-1472 is a vulnerability in the Windows Netlogon service that allows an unauthenticated attacker to set the password of the Domain Controller account to an empty string (NT hash=31d6cfe0d16ae931b73c59d7e0c089c0). This vulnerability is also known as the "Zerologon" vulnerability. The exploit...

10 CVSS, 7.1 AI score, 0.99512 EPSS
Exploits: 75

Kitploit
added 2020/12/04 8:30 p.m., 175 views

Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python...

7.7 AI score
Exploits: 0, References: 2

Github Security Blog
added 2020/12/02 6:28 p.m., 49 views

XXE in petl

Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...

9.8 CVSS, 0.5 AI score, 0.02275 EPSS
Exploits: 0, References: 11, Affected Software: 1

Gitee
added 2020/11/23 10:35 a.m., 4 views

pwntools

This is an offensive tool for binary exploitation. It is a Python library called pwntools, which provides a set of tools for binary exploitation and reverse engineering. The library is designed to be used by security researchers and penetration testers to identify and exploit vulnerabilities in...

7.2 AI score
Exploits: 0

vulnersOsv
added 2020/11/18 3:15 p.m., 3 views

addok (=0.5.0), cloudmesh-client (>=4.2.6 <=4.7.3) +50 more potentially affected by CVE-2020-28724 via werkzeug (>=0.10.1 <=0.11.5)

werkzeug PYPI version =0.10.1, =4.2.6, =1.2.1, =1.0.22, =0.7.12, =0.1.1, =1.0.0, =0.0.1, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.6 and more Source cves: CVE-2020-28724 Source advisory: OSV:PYSEC-2020-157...

6.1 CVSS, 6.3 AI score, 0.01661 EPSS
Exploits: 1

RedHat Linux
added 2020/11/10 1:28 p.m., 3 views

python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function

A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...

6.8 CVSS, 5.8 AI score, 0.02593 EPSS
Exploits: 0, References: 5

Fedora
added 2020/10/23 10:21 p.m., 30 views

[SECURITY] Fedora 33 Update: python-msldap-0.3.15-1.fc33

Python library to play with MS LDAP...

5.5 CVSS, 1.7 AI score, 0.01447 EPSS
Exploits: 3

vulnersOsv
added 2020/09/25 7:15 p.m., 3 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4742 more potentially affected by CVE-2020-15196 via tensorflow (>=1.0.1 <=2.3.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15196 Source advisory: OSV:PYSEC-2020-119...

9.9 CVSS, 7.7 AI score, 0.00902 EPSS
Exploits: 1

vulnersOsv
added 2020/09/25 7:15 p.m., 2 views

abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15205 via tensorflow (>=1.0.1 <=1.15.3)

tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15205 Source advisory: OSV:PYSEC-2020-128...

9.8 CVSS, 7.2 AI score, 0.01015 EPSS
Exploits: 1

vulnersOsv
added 2020/09/25 7:15 p.m., 2 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4742 more potentially affected by CVE-2020-15201 via tensorflow (>=1.0.1 <=2.3.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-124...

6.8 CVSS, 5.5 AI score, 0.00563 EPSS
Exploits: 1

vulnersOsv
added 2020/09/25 6:28 p.m., 2 views

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15192 via tensorflow (=2.2.0)

tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15192 Source advisory...

4.3 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 1

Gitee
added 2020/09/25 11:2 a.m., 7 views

MS17-010

This repository is for public analysis of the MS17-010 vulnerability. The vulnerability is related to the SMB (Server Message Block) protocol and affects Windows operating systems. The repository contains various PoCs (Proof of Concepts) and exploits for different versions of Windows, including Windo...

8 AI score
Exploits: 0

Kitploit
added 2020/09/03 12:30 p.m., 39 views

Bbrecon - Python Library And CLI For The Bug Bounty Recon API

Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This...

7.3 AI score
Exploits: 0, References: 2

RedHat Linux
added 2020/08/27 10:15 a.m., 6 views

python-rsa: decryption of ciphertext leads to DoS

A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. The highe...

7.5 CVSS, 7.3 AI score, 0.01359 EPSS
Exploits: 1, References: 5

Gitee
added 2020/07/23 6:44 a.m., 3 views

pwntools

This repository is an offensive tool for binary exploitation. It is a collection of common binary exploitation tools, including pwntools, a Python library for binary exploitation. The repository includes a variety of tools and scripts for exploiting vulnerabilities in binaries, including exploit...

8.6 AI score
Exploits: 0

Fedora
added 2020/07/23 1:7 a.m., 42 views

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-3.fc32

MinGW Windows python3 library...

7.5 CVSS, 2.6 AI score, 0.12826 EPSS
Exploits: 0

CNVD
added 2020/06/28 12:0 a.m., 11 views

Pillow Buffer Overflow Vulnerability

Pillow is a Python based image processing library. A buffer overflow vulnerability exists in the libImaging/TiffDecode.c file in Pillow versions prior to 7.1.0. The vulnerability stems from a networked system or product that performs operations in memory without properly validating data boundarie...

7.8 CVSS, 6.9 AI score, 0.01129 EPSS
Exploits: 0, References: 1