12201 matches found
CVE-2023-52289
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
CVE-2023-52289
The CVE-2023-52289 entry affects the Python package flaskcode up to version 0.0.8. Affected component: the /update-resource-data/ endpoint (views.py) in Flaskcode. Root cause: unauthenticated directory traversal that allows writing to arbitrary files. Impact: high, via a network-exposed POST requ...
CVE-2023-52288
The CVE-2023-52288 entry concerns the Flaskcode package for Python (versions up to 0.0.8). The vulnerability is an unauthenticated directory traversal that can be exploited via a GET request to /resource-data/.txt (from views.py), enabling reading of arbitrary files on the server. Connected advis...
Fedora 39 : python-flask-security-too (2024-f34963bef8)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f34963bef8 advisory. Backport fix for CVE-2023-49438. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2023-52288
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
bpftool, kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2023:7423 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2023:6885 An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
python: Fix of CVE-2023-40217
CVE-2023-40217: Fix TLS handshake bypass...
CLSA-2024-1705079922 python: Fix of CVE-2023-40217
CVE-2023-40217: Fix TLS handshake bypass...
EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials
This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company. How it works: the tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find...
CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation...
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be abused t...
CVE-2024-22194 cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0...
[SECURITY] Fedora 38 Update: python-paramiko-3.4.0-1.fc38
Paramiko (a combination of the Esperanto words for "paranoid" and "friend") is a module for Python 2.3 or greater that implements the SSH2 protocol for secure encrypted and authenticated connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificate...
Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats
By Waqas In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not… This is a post from HackRead.com Read the original post: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats...
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
Xxe
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...
CVE-2023-45139
CVE-2023-45139 affects the fontTools Python library, specifically the subsetting module. The issue is an XML External Entity (XXE) vulnerability that triggers when parsing candidate fonts (OT-SVG fonts with an SVG table), enabling an attacker to resolve arbitrary entities and potentially read arb...