Fedora 40 : llhttp / python-aiohttp (2023-f2bb9ee617)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f2bb9ee617 advisory. python-aiohttp 3.8.6 2023-10-07 https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst386-2023-10-07 Security bugfixes - Upgraded llhttp to v9.1.3:...

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases when using int("text") a system could take 50ms to parse an int string with 100000 digits and 5s for 1000000 digits (float decimal int.from_bytes() and int() for binary bases 2 4 8 16 and 32 are not affected). The highest threat from this vulnerability is to system availability.

...

CobaltStrikeParser - Python parser for CobaltStrike Beacon's configuration

Python parser for CobaltStrike Beacon's configuration Description Use parsebeaconconfig.py for stageless beacons, memory dumps or C2 urls with metasploit compatibility mode default true. Many stageless beacons are PEs where the beacon code itself is stored in the .data section and xored with 4-by...

typed_ast buffer overflow vulnerability (CNVD-2020-03184)

typedast is a Python parser. A buffer overflow vulnerability exists in typedast. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write operations being performed to other memory...

DEBIAN-CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

Deserialization of Untrusted Data

Amendment This was deemed not a vulnerability. Overview parso is a Python parser that supports error recovery and round-trip parsing for different Python versions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A deserialization vulnerability exists in the...

CVE-2017-12301

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net

Vulnerability overview If your Web application exists in the Python code injection vulnerability, the attacker can use your Web applications to your back-end server of the Python parser to send malicious Python code. This also means that if you can on the target server execute Python code, you ca...