Meinheld (prior to 1.0.2) vulnerable to HTTP Request Smuggling via incorrect parsing of headers
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect parsing of the Content-Length and Transfer-Encoding headers.
File overwrite in TensorFlow 2.5.0 via tf.keras.utils.get_file (extract=True), not for untrusted archives
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.
Remote authenticated users execute arbitrary Python code via sandbox whitelisting in Plone before 4.2.3 and 4.3 beta 1
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Orca Python module loading allows arbitrary code execution
Orca has arbitrary code execution due to insecure Python module load
Python-keystoneclient 0.2.3 to 0.2.5: Middleware memcache signing bypass vulnerability
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
Python-keystoneclient 0.2.3 to 0.2.5 allows memcache encryption bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
Arbitrary OS command execution via untrusted Bikeshed Inline Tag Command metadata (pre-3.0.0)
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
Vulnerability in qlib's workflow: Unsafe YAML load
This affects all versions of package qlib. The workflow function in the CLI part of qlib used an unsafe YAML load function.
Unsanitized input in Gerapy package (0 to 0.9.3) via Popen in project_configure endpoint
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn't being sanitized.
Digi ConnectPort X2e < 3.2.30.6 symlink privilege escalation via /etc/init.d/S50dropbear.sh and /WEB/python/.ssh
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.