CVE-2023-24816
IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requir...
Exploit for OS Command Injection in Exiftool_Project Exiftool
CVE-2022-23935 🐍 Python Exploit for CVE-2022-23935 Staged Rev...
MAL-2023-2072 Malicious code in pyinstaaller (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a27c316006cc1b914e8fe34160225478f99e8fa48a00e3cd62c3b9c92fadff15 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1902 Malicious code in matplotlb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a5230460f70d1de9cde080dfedaa2ca545ffd9e5179d0e7bc8ae0053481a3900 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1905 Malicious code in matplottlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5c1d3ad6f29067ca16b278d49b729248015481bc3dcd229417c14c7b17966d17 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1648 Malicious code in beutifulsoup4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a74a36adea067d56842d1606f1bbeaa5d66d302d2c3d33a520d76b46ec81846b Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1691 Malicious code in coloorama (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 09d68047d6295447db037ac7c6df8b615a2d67c9c7a9fea2942bb9a14c801a85 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Leaktopus - Keep Your Source Code Under Control
Keep your source code under control. Key Features: Plug & Play - one line installation with Docker. Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com. Currently supports: GitHub Repositories; Gists (coming soon); Paste sites, e.g., PasteBin (coming soon). Filter results with a...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2023-1368)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2023-1396)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to...
MAL-2023-2276 Malicious code in solaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 72afae49d5c6208993bd6f8883607638c8710cc9d382eb717d2f61faa355c141 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in cryptocomapre (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a89417c87ac231046e9865ee3d066199d0a6e5d3760851bf6018b6f8b357598f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1334)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
Design/Logic Flaw
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers:
>>> outbuf = b"\x00" * 32
>>> c = ciphers.Cipher(AES(b"\x00" * 32), modes.ECB()).encryptor()
>>> c.update_into(b"\x00" * 16, outbuf)
16
>>> outbuf...
CVE-2023-23931
CVE-2023-23931 affects the Python cryptography package. The Cipher.update_into function could accept objects implementing the buffer protocol that were immutable, potentially mutating immutable buffers (e.g., bytes) and producing corrupted output. The issue is addressed by raising an exception an...
CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...