XXE
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
CVE-2018-25082
CVE-2018-25082 affects zwczou WeChat SDK Python 0.3.0. Root cause: XML External Entity (XXE) reference via validate/to_xml, enabling remote manipulation. Impact as described: potential impact on confidentiality, integrity, and availability due to unresolved external entities. Public details indic...
Medium: python3
Issue Overview: An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 Affected Packages: python3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2023-116)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-116 advisory. A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int string with 100,000 digits and 5s f...
Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-125)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-125 advisory. Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a smal...
CairoSVG improperly processes SVG files loaded from external resources
SSRF vulnerability Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9 Tested CairoSVG version 2.6.0 Details A specially...
FindUncommonShares - A Python Equivalent Of PowerView's Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains
The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 that allows quickly finding uncommon shares in vast Windows Active Directory domains. Features Only requires a low-privilege domain user account. Automatically gets the list of all computers from the domai...
[SECURITY] Fedora 36 Update: mingw-python-OWSLib-0.28.1-1.fc36
MinGW Windows Python OWSLib library...
[SECURITY] Fedora 37 Update: mingw-python-OWSLib-0.28.1-1.fc37
MinGW Windows Python OWSLib library...
Ubuntu: Security Advisory (USN-5960-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 37 Update: mingw-python-werkzeug-2.2.3-1.fc37
MinGW Windows Python werkzeug library...
Security Bulletin: Vulnerability in PyPI cryptography and Python may affect IBM Spectrum Protect Plus File Systems Agent (CVE-2023-23931, CVE-2023-0286, CVE-2023-24329)
Summary IBM Spectrum Protect Plus File Systems Agent can be affected by vulnerabilities in PyPI cryptography and Python. The vulnerabilities could allow a remote attacker to bypass security restrictions or cause a denial of service, as described by the CVEs in the "Vulnerability Details" section...
Exploit for Out-of-bounds Write in Fortinet Fortios
FortiOS SSL-VPN buffer overflow vulnerability cve-2022-424...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerability (USN-5960-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5960-1 advisory. Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2023:0724-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0724-1 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in...
CLSA-2023-1678820695 python3: Fix of CVE-2023-24329
CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...
Security Bulletin: AIX is affected by a denial of service (CVE-2022-45061) due to Python
Summary A vulnerability in Python could allow a remote attacker to cause a denial of service CVE-2022-45061. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an...
AIX is affected by a denial of service due to Python
IBM SECURITY ADVISORY First Issued: Tue Mar 14 13:01:15 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory4.asc Security Bulletin: AIX is affected by a denial of service CVE-2022-45061 due to Python...
Graphicator - A GraphQL Enumeration And Extraction Tool
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then restructures the schema in an internal form so it can re-create the supported queries. Once such queries are created, it uses them to send request...