Remote code execution in Apport < 2.20.4 via manipulated CrashDB field
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
XChat Python module arbitrary code execution via a Trojan horse Python file in the current working directory due to an untrusted search path
Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Untrusted search path in gedit allows local code execution via a malicious Python file in the current directory
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Flask-Unchained <0.9.0 allows URL bypass via backslashes
This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'.
Meinheld (prior to 1.0.2) vulnerable to HTTP Request Smuggling via incorrect parsing of headers
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
File overwrite in TensorFlow 2.5.0 via tf.keras.utils.get_file (extract=True), not for untrusted archives
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.
Remote authenticated users execute arbitrary Python code via sandbox whitelisting in Plone before 4.2.3 and 4.3 beta 1
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Orca Python module loading allows arbitrary code execution
Orca has arbitrary code execution due to insecure Python module loading.
Python-keystoneclient 0.2.3 to 0.2.5: Middleware memcache signing bypass vulnerability
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache signing bypass.
Python-keystoneclient 0.2.3 to 0.2.5 allows memcache encryption bypass
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache encryption bypass.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.
