Plone 4.x through 4.3.11 and 5.x through 5.0.6 have remote code execution due to a Python string format method issue
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
Sudo Privilege escalation via PYTHONINSPECT
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
Scalyr Agent < 2.1.10: SSL cert validation lacking hostname comparison
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.
Schben Adive 2.0.7 allows remote users to create admin accounts via "admin/user/add"
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
Remote code execution in glot-code-runner through May 19, 2018, via os.system in JSON files
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
Python code injection via 'Add new weather data source' upload function in Green Electronics RainMachine Mini-8 (2nd generation)
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.
Harrison Chase Langchain v0.0.194 has a critical arbitrary code execution via Python exec calls in PALChain functions from_math_prompt and from_colored_object_prompt
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
SSL.wrap_socket with CERT_NONE in Python allows MITM attacks to spoof TLS servers
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
IBM SPSS Statistics 22.0.0.2 and 23.0.0.2 have weak permissions, enabling local users to gain privileges via Python script modification
IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.
Blender versions 2.34, 2.35a, 2.40, and 2.49b: Remote code execution via malicious Python in .blend files' onLoad action of ScriptLink SDNA
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.
The supreme art of war is to subdue the enemy without fighting.
Sun Tzu – “The Art of War”
:: Shaping the future through research and ingenuity ::