Lucene search

12201 matches found

GithubExploit
added 2024/02/07 9:28 a.m. | 342 views

Exploit for OS Command Injection in Hikvision Intercom_Broadcast_System

CVE-2023-6895 Vulnerability Scanner. This is a simple Python s...

CVSS 9.8 | AI score 6.9 | EPSS 0.93242
Exploits: 2
OSV
added 2024/02/06 3:17 a.m. | 11 views

CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

CVSS 4.7 | AI score 5.2 | EPSS 0.02357
Exploits: 1 | References: 4
Github Security Blog
added 2024/02/05 9:30 p.m. | 149 views

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5 | AI score 6.7 | EPSS 0.00879
Exploits: 0 | References: 6 | Affected software: 1
OSV
added 2024/02/05 9:30 p.m. | 34 views

GHSA-3WW4-GG4F-JR7F Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 8.7 | AI score 7.5 | EPSS 0.00879
Exploits: 0 | References: 6
Prion
added 2024/02/05 9:15 p.m. | 22 views

Design/Logic Flaw

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 5 | AI score 7.2 | EPSS 0.00879
Exploits: 0 | References: 2 | Affected software: 4
CVE
added 2024/02/05 9:04 p.m. | 161 views

CVE-2024-24559

CVE-2024-24559: Vyper SHA3 codegen bug due to miscalculated height in IR for sha3_64. Can only be triggered with hand-written IR; not exposed by regular vyper code. Public advisories describe a low-impact issue, with a hand-written IR PoC and a patch (PR 4063) fixing the problem. Exploitat...

CVSS 5.3 | AI score 5.3 | EPSS 0.00188
Exploits: 0 | References: 2 | Affected software: 1
OSV
added 2024/02/05 2:55 p.m. | 4 views

SUSE-SU-2024:0329-1 Security update for python

This update for python fixes the following issues: - CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc1210638)...

CVSS 5.3 | AI score 5.7 | EPSS 0.00161
Exploits: 1 | References: 3
CVE
added 2024/02/05 2:33 p.m. | 428 views

CVE-2024-24762

CVE-2024-24762 affects python-multipart and describes a ReDoS in parsing the HTTP Content-Type header (options). An attacker can send a crafted Content-Type to exhaust CPU and stall the event loop. The vulnerability is fixed in version 0.0.7 by upstream patching the regex. Remediation is to upgra...

CVSS 7.5 | AI score 7.2 | EPSS 0.03333
Exploits: 1 | References: 8 | Affected software: 1
Fedora
added 2024/02/05 1:47 a.m. | 20 views

[SECURITY] Fedora 38 Update: mingw-python-pygments-2.15.1-1.fc38

MinGW Windows Python Pygments library...

CVSS 5.5 | AI score 7.3 | EPSS 0.00069
Exploits: 1
Fedora
added 2024/02/05 1:27 a.m. | 38 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 7.5 | AI score 6.8 | EPSS 0.93602
Exploits: 16
Tenable Nessus
added 2024/02/05 12:00 a.m. | 36 views

Fedora 39 : python-aiohttp (2024-f249b74f03)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f249b74f03 advisory. Security update for CVE-2024-23334 and CVE-2024-23829: https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...

CVSS 7.5 | AI score 7.3 | EPSS 0.93602
Exploits: 16 | References: 3
Amazon
added 2024/02/05 12:00 a.m. | 60 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter...

CVSS 6.1 | AI score 6.8 | EPSS 0.00151
Exploits: 0
OpenVAS
added 2024/02/05 12:00 a.m. | 34 views

Fedora: Security Advisory (FEDORA-2024-f249b74f03)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7 | EPSS 0.93602
Exploits: 16 | References: 8
Tenable Nessus
added 2024/02/02 12:00 a.m. | 41 views

Fedora 39 : jupyterlab / python-notebook (2024-1673c2696e)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1673c2696e advisory. Update of jupyterlab and notebook including fix for CVE-2024-22420. Tenable has extracted the preceding description block directly from the Fedora...

CVSS 7.6 | AI score 6.7 | EPSS 0.00343
Exploits: 0 | References: 3
CVE
added 2024/02/01 2:21 p.m. | 115 views

CVE-2024-1141

CVE-2024-1141 concerns the python-glance-store library, where logging the access_key occurs when DEBUG is enabled. Multiple sources (Red Hat RHSA-2024:2732, USN-6630-1, OSSV references, and related Nessus plugins) confirm the issue and link it to Glance_store's handling of sensitive data in logs,...

CVSS 5.5 | AI score 5.3 | EPSS 0.00035
Exploits: 0 | References: 3 | Affected software: 1
IBM Security Bulletins
added 2024/02/01 6:10 a.m. | 36 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana in build 261. Vulnerability Details: CVEID: CVE-2022-41881. DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a...

CVSS 7.5 | AI score 10 | EPSS 0.0174
Exploits: 3 | Affected software: 1
Fedora
added 2024/02/01 1:25 a.m. | 25 views

[SECURITY] Fedora 38 Update: python-templated-dictionary-1.4-1.fc38

Dictionary where getitem is run through Jinja2 template...

CVSS 9.8 | AI score 7.3 | EPSS 0.0067
Exploits: 1
Malwarebytes
added 2024/01/31 8:59 p.m. | 25 views

Nitrogen shelling malware from hacked sites

Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. Its signature move is using Python and DLL side-loading to connect to the attackers' command and control server. In this blog post, we look at a recent Nitrogen campaign and...

AI score 7.2
Exploits: 0
Kitploit
added 2024/01/31 11:30 a.m. | 12 views

Stompy - Timestomp Tool To Flatten MAC Times With A Specific Timestamp

A PowerShell function to perform timestomping on specified files and directories. The function can modify timestamps recursively for all files in a directory: change timestamps for individual files or directories, recursively apply timestamps to all files in a directory, option to use specific...

AI score 7.4
Exploits: 0 | References: 6
0day.today
added 2024/01/31 12:00 a.m. | 277 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...

AI score 8.9
Exploits: 0