12201 matches found

OSV
added 2024/01/10 4:3 p.m. · 17 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (an OT-SVG font, which contains an SVG table) is parsed. This allows attackers to...

CVSS 7.5 · AI score 7.7 · EPSS 0.00353
Exploits 1 · References 8
Debian CVE
added 2024/01/10 4:3 p.m. · 15 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (an OT-SVG font, which contains an SVG table) is parsed. This allows attackers to...

CVSS 7.5 · AI score 7.6 · EPSS 0.00353
Exploits 1
Cvelist
added 2024/01/10 4:3 p.m. · 20 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (an OT-SVG font, which contains an SVG table) is parsed. This allows attackers to...

CVSS 7.5 · AI score 7.8 · EPSS 0.00353
Exploits 1 · References 6
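The three CVE-2023-45139 entries above describe the same bug class: XML taken from a font's SVG table is handed to a parser that will resolve entities, so a DOCTYPE with a SYSTEM entity in the font reads local files on the host doing the subsetting. The check a practitioner wants is a gate that refuses any DOCTYPE or entity declaration before the document reaches the real parser, independent of which XML backend does the parsing. The following is an added example, not fontTools code; the sample SVG documents are constructed for the demonstration, and only the standard library is used.

```python
"""Gate for SVG documents taken from a font's OT-SVG table: refuse any
DOCTYPE or entity declaration before the document reaches an XML parser.

Added example, not fontTools code. Standard library only."""
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: what an attacker-controlled SVG table entry could look
# like if it tried to pull a local file in through an external entity.
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<svg xmlns="http://www.w3.org/2000/svg">
  <text id="glyph1">&xxe;</text>
</svg>"""

# Constructed benign sample with the shape of a real OT-SVG glyph document.
BENIGN_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg">
  <g id="glyph1"><circle cx="0" cy="0" r="10"/></g>
</svg>"""


class DTDRejected(ValueError):
    """The document declares a DOCTYPE or an entity; such fonts are refused."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise DTDRejected(f"DOCTYPE {name!r} is not allowed in OT-SVG table data")


def _reject_entity(*_decl):
    raise DTDRejected("entity declarations are not allowed in OT-SVG table data")


def assert_no_dtd(doc: bytes) -> None:
    """Scan `doc` with a bare expat parser that aborts on the first DOCTYPE or
    entity declaration. Expat fires StartDoctypeDeclHandler before it reads the
    internal subset, so the SYSTEM entity above is never even registered, and
    an exception raised inside a handler propagates out of Parse()."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(doc, True)


def parse_svg_table_doc(doc: bytes) -> ET.Element:
    """Parse one SVG document from the font only after the DTD gate passes.
    The extra scan is cheap next to the cost of a resolved entity, and the
    gate holds regardless of which XML backend performs the real parse."""
    assert_no_dtd(doc)
    return ET.fromstring(doc)


def glyph_ids(doc: bytes) -> list:
    """Collect the element ids a subsetter would keep, or raise DTDRejected."""
    root = parse_svg_table_doc(doc)
    return [el.get("id") for el in root.iter() if el.get("id")]


def is_rejected(doc: bytes) -> bool:
    """True when the gate refuses the document."""
    try:
        parse_svg_table_doc(doc)
    except DTDRejected:
        return True
    return False


if __name__ == "__main__":
    print("benign glyph ids:", glyph_ids(BENIGN_SVG))      # ['glyph1']
    print("malicious rejected:", is_rejected(MALICIOUS_SVG))  # True
```

The gate is deliberately stricter than "disable external entities": glyph documents in fonts have no legitimate need for a DTD at all, so rejecting every DOCTYPE also removes internal-subset entity expansion attacks, and it keeps working if the production parser is later swapped for one (such as lxml) whose defaults resolve entities.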
GithubExploit
added 2024/01/10 6:26 a.m. · 353 views

Exploit for Server-Side Request Forgery in Anyscale Ray

CVE-2023-48022 explo...

CVSS 9.8 · AI score 8.8 · EPSS 0.92192
Exploits 6
Tenable Nessus
added 2024/01/10 12:0 a.m. · 134 views

RHEL 8 : python-urllib3 (RHSA-2024:0116)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0116 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

CVSS 8.1 · AI score 7.3 · EPSS 0.0095
Exploits 0 · References 7
Tenable Nessus
added 2024/01/10 12:0 a.m. · 41 views

CentOS 8 : fence-agents (CESA-2024:0133)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0133 advisory. - Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts...

CVSS 9.8 · AI score 7.4 · EPSS 0.0095
Exploits 0 · References 3
Positive Technologies
added 2024/01/10 12:0 a.m. · 4 views

PT-2024-4665 · Python +9

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.14; Python versions prior to 3.11.9; Python versions prior to 3.12.3; Python versions prior to 3.13.0a5. Description: A defect was discovered in the Python "ssl" module where there is a memory race condition with the...

CVSS 9.8 · AI score 6.4 · EPSS 0.09875
Exploits 16 · References 237
Github Security Blog
added 2024/01/09 8:31 p.m. · 23 views

Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Impact: When verifying W3C-format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation's document.proof was not factored into the final verified value (true/false) on the presentation record. Below is an example result from verifying a JSON-LD...

CVSS 9.9 · AI score 6.8 · EPSS 0.00136
Exploits 1 · References 7 · Affected Software 1
Tenable Nessus
added 2024/01/09 12:0 a.m. · 40 views

Amazon Linux 2 : python (ALAS-2024-2400)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2400 advisory. An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possibl...

CVSS 5.9 · AI score 7 · EPSS 0.0009
Exploits 1 · References 4
OpenVAS
added 2024/01/09 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1096)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 · AI score 6.7 · EPSS 0.0095
Exploits 0 · References 2
Amazon
added 2024/01/09 12:0 a.m. · 3 views

Medium: python

Issue Overview: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (CVE-2022-48566) Affected Packages: python. Note: This advisory is applicable to Amazon Linux 2 (AL2)...

CVSS 5.9 · AI score 7.1 · EPSS 0.0009
Exploits 1
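The ALAS-2024-2400 and Amazon entries above both concern the accumulator inside hmac.compare_digest: the function compares every byte and ORs the differences into one accumulator so that the time taken does not depend on where the first mismatch is, and CVE-2022-48566 is about that guarantee being undermined in the compiled code. The example below is added here and is not Python's implementation; it shows how a tag check should consume compare_digest (a leaky "==" next to the hardened form) and a pure-Python sketch of the accumulator pattern for readers who want to see what the advisory refers to. The webhook secret, body and header name are constructed for the demonstration.

```python
"""Verifying an HMAC tag without a timing side channel.

Added example, not Python's own implementation. Run on a patched interpreter
and call hmac.compare_digest; the pure-Python accumulator below only
illustrates the pattern the advisory describes."""
import hmac
import hashlib

# Constructed webhook material: shared secret and request body. The sender
# is assumed to attach the hex SHA-256 HMAC in a header (hypothetical name
# X-Signature); that header value is `header_sig` below.
SECRET = b"constructed-shared-secret"
BODY = b'{"event":"deploy","id":42}'


def sign(body: bytes, secret: bytes = SECRET) -> str:
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_naive(body: bytes, header_sig: str, secret: bytes = SECRET) -> bool:
    """Leaky: str == returns at the first differing character, so the time
    taken grows with the number of leading bytes an attacker has guessed."""
    return sign(body, secret) == header_sig


def verify(body: bytes, header_sig: str, secret: bytes = SECRET) -> bool:
    """Hardened: compare the fixed-length hex tags with hmac.compare_digest."""
    expected = sign(body, secret)
    # compare_digest on str accepts ASCII only; a non-ASCII header is invalid.
    if not header_sig.isascii():
        return False
    return hmac.compare_digest(expected, header_sig)


def constant_time_eq(a: bytes, b: bytes) -> bool:
    """Pure-Python sketch of the accumulator pattern: XOR every byte pair and
    OR the results together, never leaving the loop early. Only the length
    is allowed to leak. In C the accumulator has to be shielded from the
    optimiser (CPython's fix marks it volatile); if the compiler can see that
    it is only tested for zero at the end, it may legally short-circuit the
    loop, which is the defect the advisory above describes."""
    if len(a) != len(b):
        return False
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y
    return acc == 0


if __name__ == "__main__":
    tag = sign(BODY)
    print("valid tag accepted:", verify(BODY, tag))            # True
    print("tampered body rejected:", verify(b"x" + BODY, tag))  # False
```

The length check in constant_time_eq returns early on purpose: tag length is public (it is fixed by the hash), so it is not worth hiding, and padding tricks to hide it tend to introduce their own bugs.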
GithubExploit
added 2024/01/08 10:23 p.m. · 483 views

Exploit for CVE-2022-36267

CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote C...

CVSS 9.8 · AI score 9.8 · EPSS 0.7023
Exploits 5
Prion
added 2024/01/08 2:15 p.m. · 10 views

Design/Logic Flaw

pyLoad is the free and open-source download manager written in pure Python. A log injection vulnerability was identified in pyLoad allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyLoad. Forged or otherwise corrupted log files can be used to cover an...

CVSS 5 · AI score 7.5 · EPSS 0.69097
Exploits 1 · References 2 · Affected Software 1
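The log injection entry above describes the generic mechanism: untrusted input containing a line break is interpolated into a log record, and everything after the break reads as a new, legitimate-looking record. The example below is added here and is not pyLoad's code; it writes one failed-login record with and without sanitisation through the standard logging module, using a constructed attacker-supplied username, and counts how many records the file ends up with.

```python
"""Log injection and the sanitisation a logging layer should apply before
interpolating untrusted input. Added example; not pyLoad's code."""
import io
import logging

LOG_FORMAT = "%(asctime)s %(levelname)s %(message)s"

# Constructed attacker input: a "username" that carries a newline followed by
# text shaped like a complete, legitimate log record.
FORGED_USERNAME = "bob\n2024-01-08 14:15:00,000 INFO login succeeded for user=admin"


def _make_logger(name: str, stream: io.StringIO) -> logging.Logger:
    """Logger writing only to `stream`, so the demo does not touch real logs."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    logger.addHandler(handler)
    return logger


def sanitize_for_log(value: str) -> str:
    """Neutralise record separators and other control characters.

    CR/LF are what let an attacker terminate the current record and start a
    forged one; other C0 controls and DEL (ESC for terminal escapes, BS to
    overwrite text in a viewer) are mapped to a visible escape so the log
    stays one line per record and shows exactly what was received.
    """
    out = []
    for ch in value:
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)


def log_failed_login(username: str, *, sanitize: bool) -> str:
    """Write one 'login failed' record and return everything that was logged."""
    stream = io.StringIO()
    logger = _make_logger(f"demo.{'safe' if sanitize else 'raw'}", stream)
    shown = sanitize_for_log(username) if sanitize else username
    logger.warning("login failed for user=%s", shown)
    return stream.getvalue()


def record_count(logged: str) -> int:
    """Number of lines in the output; a correct logger emits exactly one."""
    return len(logged.splitlines())


if __name__ == "__main__":
    raw = log_failed_login(FORGED_USERNAME, sanitize=False)
    safe = log_failed_login(FORGED_USERNAME, sanitize=True)
    print(raw, "records:", record_count(raw))    # 2: the forged line appears real
    print(safe, "records:", record_count(safe))  # 1
```

Escaping at the logging boundary is preferable to rejecting the input outright: the forged text is itself evidence, and a reviewer reading the sanitised line sees the literal "\n" the attacker sent.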
CVE
added 2024/01/08 1:20 p.m. · 73 views

CVE-2024-21644

Affected software: pyLoad (Python-based download manager). Issue: Unauthenticated users can access the Flask configuration, including the SECRET_KEY, via a specific URL endpoint, due to improper access control in the web UI. Root cause / details: The vulnerability is triggered by a route that ren...

CVSS 7.5 · AI score 7.4 · EPSS 0.89284
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/01/08 1:20 p.m. · 16 views

CVE-2024-21644 pyLoad unauthenticated flask configuration leakage

pyLoad is the free and open-source download manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...

CVSS 7.5 · AI score 7.7 · EPSS 0.89284
Exploits 1 · References 2
Fedora
added 2024/01/08 1:34 a.m. · 30 views

[SECURITY] Fedora 38 Update: python-wled-0.4.4-11.fc38

This package allows you to control and monitor a WLED device programmatically. It is mainly created to allow third-party programs to automate the behavior of WLED...

CVSS 7.2 · AI score 7.2 · EPSS 0.0047
Exploits 2
Fedora
added 2024/01/08 1:24 a.m. · 54 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.9.1-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 7.2 · AI score 6.3 · EPSS 0.0047
Exploits 2
Fedora
added 2024/01/08 1:24 a.m. · 36 views

[SECURITY] Fedora 39 Update: python-pysqueezebox-0.5.5-11.fc39

Python library to control a Logitech Media Server asynchronously...

CVSS 7.2 · AI score 7.2 · EPSS 0.0047
Exploits 2
GithubExploit
added 2024/01/07 10:29 p.m. · 233 views

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

CVE-2023-42793 Exploit Script Overview This script is des...

CVSS 9.8 · AI score 9.8 · EPSS 0.92913
Exploits 17
Tenable Nessus
added 2024/01/07 12:0 a.m. · 36 views

Fedora 39 : python-aiohttp / python-pysqueezebox / python-wled (2023-a04cc349e1)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a04cc349e1 advisory. Security fix for CVE-2023-49081, CVE-2023-49082. Update python-aiohttp to 3.9.1. Patch python-pysqueezebox and python-wled so they do not have an...

CVSS 7.2 · AI score 6.5 · EPSS 0.0047
Exploits 2 · References 3