12201 matches found
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2023-3412)
The remote host is missing an update for the Huawei EulerOS...
Medium: python-cryptography
Issue Overview: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects su...
Exploit for CVE-2023-6553
CVE-2023-6553 Exploit V2 🚀 Description 📝 The Backup Migra...
CVE-2023-46247
CVE-2023-46247 concerns Vyper (EVM) where contracts with large arrays could underallocate storage slots by 1 due to a rounding error in the calculation of required slots. Prior to v0.3.8, storage size was computed as ceil(type_.size_in_bytes / 32); when type_.size_in_bytes is large (>2**46) or...
Exploit for CVE-2023-4636
CVE-2023-4636 - The vulnerability in the limelight is an unau...
Improper Privilege Management in sap-xssec
Impact: SAP BTP Security Services Integration Library Python sap-xssec allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches: Upgrade to patched version >= 4.1.0. We always...
Exploit for Missing Authorization in Zoneminder
Zoneminder Unauthenticated RCE via Snapshots CVE-2023-26035...
Security Bulletin: Multiple vulnerabilities in Python may affect the IBM Storage Scale System
Summary: Multiple security vulnerabilities have been identified in IBM Storage Scale System where Python is vulnerable to denial of service. Fixes for these vulnerabilities are available. Vulnerability Details: CVEID: CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by...
Exploit for Server-Side Request Forgery in Resf Rocky_Linux
CVE-2021-40438 - Apache <= 2.4.48 - SSRF Python exploit A craf...
CVE-2023-50423
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Privilege escalation
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423
The CVE-2023-50423 entry concerns the SAP BTP Security Services Integration Library, specifically the Python package sap-xssec, versions prior to 4.1.0. Multiple connected sources confirm a privilege-escalation vulnerability where an unauthenticated attacker, via the affected library, can obtain ...
CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
SAP BTP Security Services Integration Library Python sap-xssec - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
SUSE CVE-2023-6507
An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before...
Ubuntu 20.04 ESM : Pydantic vulnerability (USN-6553-1)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6553-1 advisory. Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial o...
RHEL 9 : fence-agents (RHSA-2023:7753)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7753 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2023-3257)
The remote host is missing an update for the Huawei EulerOS...
USN-6547-1: Python vulnerability
It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks...
Insights into your unpatched vulnerabilities
Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. That’s almost 25,550 new problems each year, of which roughly 4,250 or every one-in-six will be classified as “critical.” But with little guidance beyond “critical” classifications—and with the...