525 matches found
Joblib: Arbitrary Code Execution
Background: Joblib is a set of tools to provide lightweight pipelining in Python. In particular: 1. transparent disk-caching of functions and lazy re-evaluation (memoize pattern); 2. easy, simple parallel computing. Joblib is optimized to be fast and robust on large data in particular and has specific...
python39:3.9 and python39-devel:3.9 security update
modwsgi 4.7.1-7 - Bump release for rebuild Resolves: rhbz2213595 4.7.1-6 - Remove rpath Resolves: rhbz2213837 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 1.19.4-2 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz187743...
NewStart CGSL MAIN 6.06 : PyYAML Multiple Vulnerabilities (NS-SA-2023-0139)
The remote NewStart CGSL host, running version MAIN 6.06, has PyYAML packages installed that are affected by multiple vulnerabilities: - In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the...
Rocky Linux 8 : numpy (RLSA-2019:3704)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3704 advisory. - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary cod...
Rocky Linux 8 : python27:2.7 (RLSA-2019:3335)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3335 advisory. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The...
python39:3.9 and python39-devel:3.9 security update
Cython 0.29.21-5 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz1877430 modwsgi 4.7.1-5 - Core dumped upon file upload = 1GB Resolves: rhbz2125172 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 pybind11 2.7.1-1 - Update...
Oracle Linux 8 : numpy (ELSA-2019-3704)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3704 advisory. - Fix CVE-2019-6446 resolves: 1668466 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Oracle Linux 8 : python27:2.7 (ELSA-2019-3335)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3335 advisory. - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker...
Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:3781)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3781 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...
python38:3.8 and python38-devel:3.8 security update
babel 2.7.0-11 - Fix CVE-2021-20095 Resolves: rhbz1955615 Cython 0.29.14-4 - Exclude unsupported i686 arch modwsgi 4.6.8-4 - Core dumped upon file upload = 1GB Resolves: rhbz2125171 numpy 1.17.3-6 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 python38...
AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2023:3781)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3781 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...
RHEL 8 : python27:2.7 (RHSA-2023:3780)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3780 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...
MAL-2023-1381 Malicious code in numpy-req (PyPI)
Source: ossf-package-analysis b444962332036ed34a6122ae3f4595e0b05e8a2d1391aa9f7a1b06b9ab639114 The OpenSSF Package Analysis project identified 'numpy-req' @ 12.17.3 pypi as malicious. It is considered malicious because: - The package...
Malicious code in numpy-req (PyPI)
Source: ossf-package-analysis b444962332036ed34a6122ae3f4595e0b05e8a2d1391aa9f7a1b06b9ab639114 The OpenSSF Package Analysis project identified 'numpy-req' @ 12.17.3 pypi as malicious. It is considered malicious because: - The package...
python3.11-numpy bug fix and enhancement update
An update is available for python3.11-numpy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
Malicious code in os-numpy (PyPI)
Source: ossf-package-analysis 40ad87c585abfe0e853406f3417eab643e74d78e36679be13bdc5445899d5397 The OpenSSF Package Analysis project identified 'os-numpy' @ 3.19.4 pypi as malicious. It is considered malicious because: - The package...
MAL-2023-1384 Malicious code in os-numpy (PyPI)
Source: ossf-package-analysis 40ad87c585abfe0e853406f3417eab643e74d78e36679be13bdc5445899d5397 The OpenSSF Package Analysis project identified 'os-numpy' @ 3.19.4 pypi as malicious. It is considered malicious because: - The package...
Malicious code in beautifulsoup-numpy (PyPI)
Source: ossf-package-analysis 199bccf9ed40ab3dcd67c494f1b1b52cd3fa78beed3bc25e851cb0f14db9b60b The OpenSSF Package Analysis project identified 'beautifulsoup-numpy' @ 10.13.10 pypi as malicious. It is considered malicious because: - The...
MAL-2023-1356 Malicious code in beautifulsoup-numpy (PyPI)
Source: ossf-package-analysis 199bccf9ed40ab3dcd67c494f1b1b52cd3fa78beed3bc25e851cb0f14db9b60b The OpenSSF Package Analysis project identified 'beautifulsoup-numpy' @ 10.13.10 pypi as malicious. It is considered malicious because: - The...
MAL-2023-1382 Malicious code in numpy-selenium (PyPI)
Source: ossf-package-analysis dc92a371c845859241fd20b897b00c4b6c39fcc8ec83dfe9fbb0146c36d267c5 The OpenSSF Package Analysis project identified 'numpy-selenium' @ 5.20.19 pypi as malicious. It is considered malicious because: - The package...