57450 matches found
Astra Linux - уязвимость в python2.7, python3.11, python3.7
The html.parser.HTMLParser class has worst-case quadratic complexity when processing certain malformed inputs, which could potentially lead to a heightened denial-of-service attack...
Astra Linux - уязвимость в python-django
A issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the truncatecharshtml and truncatewordshtml template filters, allow a remote attacker to cause a potential...
Astra Linux - уязвимость в python-cryptography
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions, Cipher.updateinto would accept Python objects that implement the buffer protocol, but only provide immutable buffers. This would allow immutable objects such as bytes to b...
Astra Linux - уязвимость в python2.7
In Python 3.x through 3.9.1, there is a buffer overflow issue in the PyCArgrepr function within ctypes/callproc.c. This issue may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input. This was demonstrated by the use of the argument...
Astra Linux - уязвимость в python3.11, python3.7
The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...
Astra Linux - уязвимость в python-urllib3
In urllib3 before version 1.24.2, the authorization HTTP header is not removed when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE:...
Astra Linux - уязвимость в python-apt
Dereferencing a NULL pointer in TagSection.keys in Python-apt on APT-based Linux systems allows a local attacker to cause a denial of service process crash through a crafted deb822 file containing malformed non-UTF-8 keys...
Astra Linux - уязвимость в python3.11
It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...
Astra Linux - уязвимость в python3.7
A issue was discovered in the CPython tempfile.TemporaryDirectory class, affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier versions. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means that users who can...
Astra Linux - уязвимость в python3.11, python3.7
A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...
Astra Linux - уязвимость в python3.7, python2.7
A flaw was discovered in Python. Improper handling of HTTP responses in the Python HTTP client code may allow a remote attacker, who controls the HTTP server, to cause the client script to enter an infinite loop, consuming CPU resources. The greatest threat of this vulnerability is to system...
Astra Linux - уязвимость в python-django
A issue was discovered in Django 5.0, prior to versions 5.0.7 and 4.2, prior to version 4.2.14. The derived classes of the django.core.files.storage.Storage base class, when they override generatefilename without replicating the file-path validations from the parent class, may allow directory...
Astra Linux - уязвимость в python-oslo.utils
A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...
Astra Linux - уязвимость в python-urllib3
urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
Astra Linux - уязвимость в python2.7, python3.7
A use-after-free exists in Python through version 3.9 via the heappushpop function in the heapq module...
Astra Linux - уязвимость в python3.11, python3.7, python2.7
A defect was discovered in the Python “ssl” module, where there is a memory race condition involving the methods “certstorestats” and “getcacerts” of the ssl.SSLContext class. This race condition can occur when these methods are called simultaneously with the loading of certificates into the...
Astra Linux - уязвимость в python3.11
There is a HIGH-severity vulnerability affecting the CPython “zipfile” module, specifically the “zipfile.Path” class. It should be noted that the more commonly used API “zipfile.ZipFile” class is not affected. When iterating over the names of entries in a zip archive for example, methods like...
Astra Linux - уязвимость в python3.7, python2.7
A issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA RFC 3490 decoder. This can lead to an excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...
pentest-automation-framework
pentest-automation-framework Built this to speed up structure...
Malicious code in gauth-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also setups PTH file for automated start during Python initialization. In t...