27 matches found
CVE-2018-1000117
Python Software Foundation CPython version from 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in the os.symlink function on Windows that can result in arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates...
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation PSF warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials...
Security Bulletin: Vulnerability in Python Software Foundation Black affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Python Software Foundation Black has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...
Security Bulletin: Vulnerability in Python Software Foundation Black (CVE-2024-21503) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-21503 has been identified related to Python Software Foundation Black that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...
GHSA-58H8-44MG-R43X ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...
ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...
Python Software Foundation Python Installed (Windows)
Binary data pythonwininstalled.nbin...
Python DLL Loading Local Privilege Escalation
The version of Python installed on the remote Windows host is 3.6.x prior to 3.6.12, 3.7.x prior to 3.7.9, 3.8.x prior to 3.8.4, or 3.9.x prior to 3.9.0b5. It is, therefore, affected by an elevation of privilege vulnerability. A Trojan horse python3.dll might be used in cases where CPython is...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1126)
The remote host is missing an update for the Huawei EulerOS...
CVE-2013-4409
An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...
[SECURITY] [DLA 1520-1] python3.4 security update
Package : python3.4 Version : 3.4.2-1+deb8u1 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...
CVE-2018-1000802
Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...
CVE-2018-1000802
Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...
CVE-2018-1000802
Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping Vulnerability
Exploit for multiple platform in category local exploits VuNote ============ Author: Version: 0.2 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping mitm Overview -------- Name: python Vendor: python software foundation References: https://www.python.org/ 1 Version: 2.7.11, 3.4.4, 3.5.1...
Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability(CVE-2017-17522)
Description Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Vulnerable: Python Software Foundation Python 3.6...
Official Debian and Python Wiki Servers Compromised
Administrators of the Debian and Python projects' official websites confirmed that their wiki servers were recently compromised by unknown hackers. The hackers were able to get in because of several vulnerabilities in the "moin" package. According to Brian Curtin at Python Project, the hacker used some unknown...
Python 2.5.2 Imageop Module - imageop.crop() Buffer Overflow
Python 2.5.2 Imageop Module - imageop.crop Buffer Overflow Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of...
Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
No description provided by source. Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHa...