Fedora 35 : pypy3.9 (2022-61d8e8d880)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-61d8e8d880 advisory. Backport fix for CVE-2021-28861 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 36 : pypy3.9 (2022-4ac2e16969)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-4ac2e16969 advisory. Backport fix for CVE-2021-28861 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Oracle Linux 9 : python3.9 (ELSA-2022-8353)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8353 advisory. - Security fixes for CVE-2020-10735 and CVE-2021-28861 Resolves: rhbz2120642, rhbz1834423, rhbz2128249 - Security fix for CVE-2015-20107 Resolves:...
SUSE SLES12 Security Update : python3 (SUSE-SU-2022:3511-2)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3511-2 advisory. - DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at th...
SUSE SLES15 Security Update : python3 (SUSE-SU-2022:3593-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3593-1 advisory. - DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at th...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2022:3553-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3553-1 advisory. - DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection...
TrelloC2 - Simple C2 Over The Trello API
Simple C2 over Trello's API Proof-of-Concept By: Fabrizio Siciliano @0rbz Update 12/30/2019 Removed hardcoded API key and Token, use input instead. Requirements Python 3.x Setup 1. Create a Trello account: https://trello.com/signup 2. Once logged in, get your API key: https://trello.com/app-key 3...
StackStorm st2 Infinite Loop Condition
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...
Poro - Scan Publicly Accessible Assets On Your AWS Cloud Environment
Scan for publicly accessible assets on your AWS environment. Services covered by this tool: AWS ELB, API Gateway, S3 Buckets, RDS Databases, EC2 instances, Redshift Databases. Poro also checks whether a tag you specify is applied to identified public resources using the --tag-key and --tag-value arguments...
Debian DLA-2919-1 : python2.7 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2919 advisory. - Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that...
AlmaLinux 8 : python3 (ALSA-2021:1633)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1633 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls...
Oracle Linux 8 : python27:2.7 (ELSA-2021-1761)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1761 advisory. - Security fix for CVE-2021-3177 Resolves: rhbz1919163 - Security fix for CVE-2020-26116: Reject control chars in HTTP method in httplib.putrequest...
EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2021-2028)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in...
EulerOS 2.0 SP9 : python3 (EulerOS-SA-2021-1957)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...
Oracle Linux 8 : python3 (ELSA-2021-1633)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1633 advisory. - Fix for CVE-2021-23336 Resolves: rhbz1928904 - Fix for CVE-2021-3177 Resolves: rhbz1918168 - Security fix for CVE-2020-27619: eval call on content...
Oracle Linux 8 : python2 (ELSA-2021-9128)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9128 advisory. python2 2.7.17-2.0.2 - Fix buffer overflow in PyCArgrepr Orabug: 32551171 CVE-2021-3177 Tenable has extracted the preceding description block directly from the...
Oracle Linux 8 : python36 (ELSA-2021-9129)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9129 advisory. python36 3.6.8-2.0.1 - Rebuild with python containing fix for Orabug: 32551171 CVE-2021-3177 Tenable has extracted the preceding description block directly from...
CVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...
Design/Logic Flaw
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...
CVE-2021-28667
StackStorm before 3.4.1 is affected by an infinite-loop vulnerability that can consume all available memory and disk space when logging Unicode data if Python 3.x is used and the locale is not UTF-8. Root cause is an unbounded loop triggered during logging of Unicode data from actions or rules. I...