118 matches found

vulnersOsv
added 2023/12/09 1:15 a.m. · 1 views

ak-frame-extractor (>=1.0.0 <=1.1.0), apollo-sdk (>=0.2.4 <=0.2.11) +66 more potentially affected by CVE-2023-49797 via pyinstaller (>=3.0.0 <=5.13.0)

pyinstaller PYPI version =3.0.0, =1.0.0, =0.2.4, =0.1.0, =0.3.6, =0.1.0, =0.0.35, =0.0.13, =0.0.2, =0.8.2, =0.8.6 - faky =1.0.0 and more Source cves: CVE-2023-49797 Source advisory: OSV:PYSEC-2023-292...

8.8 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 0

CVE
added 2023/12/09 12:42 a.m. · 67 views

CVE-2023-49797

CVE-2023-49797 affects PyInstaller-packaged Python apps and can lead to deletion of files in a privileged process under specific conditions (matplotlib or win32com present, run as administrator, and unprotected TEMP directory). Root cause: unprotected temporary file handling allows timing or dire...

8.8 CVSS · 8 AI score · 0.00047 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2023/12/09 12:42 a.m. · 12 views

CVE-2023-49797 Local Privilege Escalation in pyinstaller on Windows

PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...

8.8 CVSS · 8.7 AI score · 0.00047 EPSS
Exploits 0 · References 5

OSV
added 2023/12/09 12:42 a.m. · 2 views

CVE-2023-49797 Local Privilege Escalation in pyinstaller on Windows

PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...

8.8 CVSS · 7.7 AI score · 0.00047 EPSS
Exploits 0 · References 7

OSV
added 2023/12/09 12:39 a.m. · 0 views

GHSA-9W2P-RH8C-V9G5 Local Privilege Escalation in Windows

Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: The user runs an application containing either...

8.8 CVSS · 5.7 AI score · 0.00047 EPSS
Exploits 0 · References 8

GitHub Security Blog
added 2023/12/09 12:39 a.m. · 16 views

Local Privilege Escalation in Windows

Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: The user runs an application containing either...

8.8 CVSS · 6.9 AI score · 0.00047 EPSS
Exploits 0 · References 8 · Affected Software 1

vulnersOsv
added 2023/12/09 12:39 a.m. · 1 views

ak-frame-extractor (>=1.0.0 <=1.1.0), apollo-sdk (>=0.2.4 <=0.2.11) +66 more potentially affected by CVE-2023-49797 via pyinstaller (>=3.0.0 <=5.13.0)

pyinstaller PYPI version =3.0.0, =1.0.0, =0.2.4, =0.1.0, =0.3.6, =0.1.0, =0.0.35, =0.0.13, =0.0.2, =0.8.2, =0.8.6 - faky =1.0.0 and more Source cves: CVE-2023-49797 Source advisory: OSV:GHSA-9W2P-RH8C-V9G5...

8.8 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 0

CNNVD
added 2023/12/09 12:0 a.m. · 2 views

PyInstaller Security Vulnerability

PyInstaller is a Python library from the Python Foundation that analyzes your code to discover all the other modules and libraries your scripts need to execute. A security vulnerability exists in PyInstaller versions prior to 5.13.1. An attacker exploiting this vulnerability could elevate...

8.8 CVSS · 6.9 AI score · 0.00047 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/12/08 12:0 a.m. · 2 views

PT-2023-31355 · Unknown +2 · Pyinstaller +3

Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 5.13.1 Description: A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. This...

8.8 CVSS · 7 AI score · 0.00047 EPSS
Exploits 0 · References 17

OSV
added 2023/02/10 5:36 p.m. · 4 views

MAL-2023-2071 Malicious code in pyinsstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9af5961742b570d0691b696d7bfe812d4a7f5417c6fa62881b565ed7d0d91a35 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9 AI score
Exploits 0 · References 1

OSV
added 2023/02/10 5:36 p.m. · 9 views

MAL-2023-2068 Malicious code in pyiinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4e820c2ce46a418e83b97aabee7b123b7f864e04b28fdb473d96fb2f7d629b91 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2023/02/10 5:36 p.m. · 1 views

Malicious code in pyintaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7c04c405b9cb81b56fb8445a063e858d5f952332c938200c3b13645f22dc1563 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0 · References 1

OSV
added 2023/02/10 5:36 p.m. · 7 views

MAL-2023-2069 Malicious code in pyinnstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0382e772ea5282a3007ce0a76553892d2259881f4be47853f79cede67003edd1 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2023/02/10 5:33 p.m. · 2 views

Malicious code in pyisntaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9fa727da19f39b26e3766d9417adee312ff4c07717a06a54a6a668757076fe82 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0 · References 1

OSV
added 2023/02/10 5:33 p.m. · 9 views

MAL-2023-2084 Malicious code in pyisntaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9fa727da19f39b26e3766d9417adee312ff4c07717a06a54a6a668757076fe82 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9 AI score
Exploits 0 · References 1

OSV
added 2023/02/10 5:33 p.m. · 8 views

MAL-2023-2070 Malicious code in pyinsaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5a3e007bb125020a61277cf6a75172eb9dbf2b6750ed5a6bddcca6751e7c49d9 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9 AI score
Exploits 0 · References 1

OSV
added 2023/02/10 5:33 p.m. · 9 views

MAL-2023-2141 Malicious code in pyyinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ec62607edebabd88a138d06c8353004f9afc9a06299de83c5c5002052479ffd2 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9 AI score
Exploits 0 · References 1

Snyk
added 2022/08/15 1:54 p.m. · 1 views

Malicious Package

Overview hackerfileloll is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a...

9.8 CVSS · 7 AI score
Exploits 0 · References 2

Snyk
added 2022/08/15 1:54 p.m. · 1 views

Malicious Package

Overview rblxtools is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Disco...

9.8 CVSS · 7 AI score
Exploits 0 · References 2

Snyk
added 2022/08/15 1:54 p.m. · 1 views

Malicious Package

Overview pippytests is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a...

9.8 CVSS · 7 AI score
Exploits 0 · References 2