
10284 matches found

Tenable Nessus
added 2023/11/28 12:0 a.m., 24 views

Fedora 37 : python-geopandas (2023-8857bdcd95)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8857bdcd95 advisory. Update to latest version; fix CVE-2023-47248. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

CVSS 9.8 | AI score 7.3 | EPSS 0.84819
Exploits: 0, References: 2

Tenable Nessus
added 2023/11/28 12:0 a.m., 17 views

Fedora 39 : python-geopandas (2023-1c5e667fd0)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c5e667fd0 advisory. Update to latest version; fix CVE-2023-47248. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

CVSS 9.8 | AI score 7.3 | EPSS 0.84819
Exploits: 0, References: 2

Kitploit
added 2023/11/24 11:30 a.m., 28 views

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities. Aspect | Information ---|--- Tool name | IaC Scan Runner Docker image | xscanner/runner PyPI package | iac-scan-runner Documentation | docs Contact us | [email protected] Purpose and description The IaC Scan Runner is...

AI score 7.6
Exploits: 0, References: 2

Kitploit
added 2023/11/22 11:30 a.m., 32 views

Deepsecrets - Secrets Scanner That Understands Code

Yet another tool - why? Existing tools don't really "understand" code. Instead, they mostly parse texts. DeepSecrets expands classic regex-search approaches with semantic analysis, dangerous variable detection, and more efficient usage of entropy analysis. Code understanding supports 500+ languag...

AI score 7.2
Exploits: 0, References: 2

OSV
added 2023/11/22 6:55 a.m., 20 views

MAL-2023-8563 Malicious code in azureml-contrib-daskonbatch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fbb97c227c663215810abd8867643e6709416bf4e16526391cc0c740f9dce047 The OpenSSF Package Analysis project identified 'azureml-contrib-daskonbatch' @ 1.0.0 pypi as malicious. It is considered malicious because: - T...

AI score 7.1
Exploits: 0

OSV
added 2023/11/22 6:45 a.m., 9 views

MAL-2023-8564 Malicious code in yelp-cgeom1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f1d368f32894c442f86028103800df96e8818dd226ac82b14b5cec80a267a202 The OpenSSF Package Analysis project identified 'yelp-cgeom1' @ 0.1 pypi as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0

OSV
added 2023/11/18 4:43 p.m., 6 views

MAL-2023-8540 Malicious code in discomusic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d5ae86bb92ecda0b9d67bf6bcb933e00f57e91de9916d1b3a3ad5a68993c0778 The OpenSSF Package Analysis project identified 'discomusic' @ 0.0.3 pypi as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0

RedHat Linux
added 2023/11/14 4:8 p.m., 57 views

Moderate: Red Hat Security Advisory: python3.11-pip security update

An update for python3.11-pip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.89361
Exploits: 3, References: 4

AlmaLinux
added 2023/11/14 12:0 a.m., 54 views

Moderate: python3.11-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

CVSS 9.8 | AI score 7 | EPSS 0.89361
Exploits: 3, References: 4

OSV
added 2023/11/14 12:0 a.m., 37 views

ALSA-2023:6914 Moderate: python3.11-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

CVSS 9.8 | AI score 9 | EPSS 0.89361
Exploits: 3, References: 4

OSV
added 2023/11/14 12:0 a.m., 27 views

ALSA-2023:7176 Moderate: python-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

CVSS 9.8 | AI score 9 | EPSS 0.89361
Exploits: 3, References: 4

AlmaLinux
added 2023/11/14 12:0 a.m., 45 views

Moderate: python-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

CVSS 9.8 | AI score 7 | EPSS 0.89361
Exploits: 3, References: 4

Hive Pro Threat Advisories
added 2023/11/10 6:46 a.m., 35 views

BlazeStealer Malware Uncovered in Python Packages on PyPI

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The Python Package Index (PyPI) repository is infiltrated with a number of malicious Python packages. These packages masquerade as obfuscation tools; however, they harbor BlazeStealer malware, which initiates a...

AI score 6.9
Exploits: 0

NVD
added 2023/11/09 9:15 a.m., 14 views

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

CVSS 9.8 | EPSS 0.84819
Exploits: 0, References: 6

Prion
added 2023/11/09 9:15 a.m., 20 views

Deserialization of untrusted data

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

CVSS 7.5 | AI score 7.7 | EPSS 0.84819
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2023/11/09 8:17 a.m., 20 views

CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

AI score 9.8 | EPSS 0.84819
Exploits: 0, References: 6

The Hacker News
added 2023/11/08 12:57 p.m., 41 views

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware...

AI score 7.8
Exploits: 0

RedHat Linux
added 2023/11/07 8:48 a.m., 89 views

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8 | AI score 7 | EPSS 0.89361
Exploits: 3, References: 4

RedHat Linux
added 2023/11/07 8:43 a.m., 51 views

Moderate: Red Hat Security Advisory: python3.11-pip security update

An update for python3.11-pip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.89361
Exploits: 3, References: 4

OSV
added 2023/11/07 12:0 a.m., 47 views

ALSA-2023:6324 Moderate: python3.11-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

CVSS 9.8 | AI score 9 | EPSS 0.89361
Exploits: 3, References: 4