K000132333: Python vulnerability CVE-2019-9674
Security Advisory Description: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb (CVE-2019-9674). Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product...
Withdrawn: safeurl-python contains Server-Side Request Forgery
Withdrawn: This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7. Original Description: isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
CVE-2023-24622
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
Server side request forgery (ssrf)
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
[SECURITY] Fedora 36 Update: python-jupyter-core-4.9.1-3.fc36
Core common functionality of Jupyter projects. This package contains base application classes and configuration inherited by other projects...
[SECURITY] Fedora 37 Update: python-jupyter-core-4.10.0-4.fc37
Core common functionality of Jupyter projects. This package contains base application classes and configuration inherited by other projects...
EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2023-1284)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client...
CVE-2023-24622
CVE-2023-24622 affects the safeurl-python package (Python) prior to 1.2. The vulnerability stems from an insufficiently restrictive regular expression in isInList for external domains, enabling server-side request forgery (SSRF). Multiple sources (NVD, Red Hat, OSV, PRION, others) corroborate the...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to [CVE-2022-23491]
Summary: Python module certifi is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to verifying untrustworthy certificates. This bulletin provides...
Ubuntu: Security Advisory (USN-5342-3)
The remote host is missing an update for the...
Design/Logic Flaw
Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an...
New Python Malware Targeting Windows Devices
By Deeba Ahmed. Dubbed PYRATION by researchers, the new Python malware is equipped with RAT behaviour and info-stealing capabilities. This is a post from HackRead.com. Read the original post: New Python Malware Targeting Windows Devices...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges due to [CVE-2022-42919]
Summary: Python is used by IBM App Connect Enterprise Certified Container for providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges. This bulletin provides patch information to...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-XStatic-Angular) security update
An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts
DC Sonar Community. Repositories: The project consists of the repositories dc-sonar-frontend, dc-sonar-user-layer, dc-sonar-workers-layer, ntlm-scrutinizer. Disclaimer: It's only for education purposes. Avoid using it on the production Active Directory (AD) domain. Neither contributor incur any responsibilit...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.2)
The version of AOS installed on the remote host is prior to 6.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.2 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection ...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.242)
The version of AHV installed on the remote host is prior to 20220304.242. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.242 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - In Expat aka...
Python Exec, Python Meterpreter Shell, Reverse HTTPS Inline
Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf...
Python Exec, Command Shell, Reverse TCP SSL (via python)
Execute a Python payload from a command. Creates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreversetcpssl msf payloadshellreversetcpssl show actions ...actions... msf...
Python Exec, Command Shell, Bind TCP (via python)
Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set...