771 matches found

Vulnrichment
added 2024/05/21 12:0 a.m. · 16 views

CVE-2024-35059

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...

7.1 AI score · 0.00051 EPSS
Exploits 1 · References 2
Cvelist
added 2024/05/21 12:0 a.m. · 15 views

CVE-2024-35059

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...

7 AI score · 0.00051 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/05/17 12:0 a.m. · 2 views

PT-2024-40080 · Php-Jwt +4

Name of the Vulnerable Software and Affected Versions: node-jsonwebtoken (affected versions not specified); pyjwt (affected versions not specified); namshi/jose (affected versions not specified); php-jwt (affected versions not specified); jsjwt (affected versions not specified). Description: The issue affects...

7.3 AI score
Exploits 0 · References 5
CNNVD
added 2024/05/05 12:0 a.m. · 2 views

ID withdrawn

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. This CVE number has been withdrawn...

7.5 AI score
Exploits 2 · References 3
CNNVD
added 2024/05/03 12:0 a.m. · 1 views

tqdm security vulnerability

tqdm is a fast, extensible open source progress bar for Python and the CLI. A security vulnerability exists in versions of tqdm prior to 4.66.3, which stems from the fact that any optional non-Boolean CLI arguments can be passed through Python's eval, allowing arbitrary code executi...

4.8 CVSS · 6.8 AI score · 0.00108 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/04/30 9:56 a.m. · 2 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2 CVSS · 7.2 AI score · 0.00056 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2024/04/29 12:0 a.m. · 21 views

SAP BTP Python Library sap-xssec < 4.1.0 Privilege Escalation

The detected version of SAP BTP python package, sap-xssec, is prior to version 4.1.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for...

9.8 CVSS · 8.6 AI score · 0.00458 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/04/23 5:18 p.m. · 0 views

python-aiohttp: http request smuggling

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

6.5 CVSS · 7.1 AI score · 0.00488 EPSS
Exploits 1 · References 5
Redos
added 2024/04/12 12:0 a.m. · 30 views

ROS-20240412-04

A vulnerability in Salt's configuration management and remote execution system is related to the copying of a script along a predictable path. Exploitation of the vulnerability could allow an attacker, acting remotely, to run their own script. A vulnerability in the symbolic.py component of the Pytho...

8.1 CVSS · 7.6 AI score · 0.0095 EPSS
Exploits 1
CNNVD
added 2024/04/10 12:0 a.m. · 1 views

gradio path traversal vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A path traversal vulnerability exists in gradio that stems from incorrect validation of user-supplied input...

7.5 CVSS · 7.4 AI score · 0.85087 EPSS
Exploits 2 · References 3
Rockylinux
added 2024/04/05 2:56 p.m. · 14 views

redhat-support-lib-python and redhat-support-tool bug fix and enhancement update

An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The redhat-support-tool utility...

7.2 AI score
Exploits 0
Tenable Nessus
added 2024/04/02 12:0 a.m. · 19 views

Debian dsa-5652 : python-py7zr-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5652 advisory. - A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via...

9.1 CVSS · 8.4 AI score · 0.25015 EPSS
Exploits 3 · References 4
CNNVD
added 2024/03/29 12:0 a.m. · 2 views

Gradio security vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from a password checking condition that is susceptible to a timing attack to guess passwords...

5.9 CVSS · 5.8 AI score · 0.00082 EPSS
Exploits 1 · References 3
CNNVD
added 2024/03/27 12:0 a.m. · 1 views

Gradio command injection vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a command injection vulnerability that stems from the fact that injection via command can lead to information disclosure...

8.6 CVSS · 8.6 AI score · 0.00526 EPSS
Exploits 1 · References 3
OSV
added 2024/03/26 10:16 p.m. · 1 views

CLSA-2024-1711491407 python: Fix of CVE-2023-27043

CVE-2023-27043: reject malformed addresses in email.parseaddr...

5.3 CVSS · 6.8 AI score · 0.00161 EPSS
Exploits 1 · References 1
NVD
added 2024/03/26 3:15 a.m. · 5 views

CVE-2024-29189

PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/productinstance.py, upon calling this method startprogram directly, users could exploit its usage to perform malicious operations on the current...

7.8 CVSS · 7.3 AI score · 0.00118 EPSS
Exploits 1 · References 7
CNNVD
added 2024/03/21 12:0 a.m. · 3 views

Gradio cross-site request forgery vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a cross-site request forgery vulnerability that stems from vulnerability to cross-site request forgery attacks...

4.3 CVSS · 4.7 AI score · 0.00151 EPSS
Exploits 1 · References 4
CNNVD
added 2024/03/12 12:0 a.m. · 1 views

RPyC Security Vulnerabilities

RPyC is a symmetric RPC (Remote Procedure Call) library for Python. A security vulnerability exists in RPyC versions prior to 6.0.0 that stems from a remote code execution vulnerability when using numpy.array on the server side...

8.4 CVSS · 8 AI score · 0.03587 EPSS
Exploits 0 · References 5
Fedora
added 2024/03/07 10:33 p.m. · 14 views

[SECURITY] Fedora 40 Update: python-javaobj-0.4.3-12.fc40

python-javaobj is a Python library that provides functions for reading and writing (writing is WIP currently) Java objects serialized or will be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in Java world...

8.8 CVSS · 6.9 AI score · 0.46427 EPSS
Exploits 3
Positive Technologies
added 2024/03/06 12:0 a.m. · 1 views

PT-2024-2537 · Rpyc +1

Name of the Vulnerable Software and Affected Versions: RPyC versions prior to 6.0.0. Description: The issue is related to the netref component of the RPyC Python library, which has an incorrect security check for standard elements. This can allow a remote attacker to execute arbitrary code by...

8.4 CVSS · 8 AI score · 0.03587 EPSS
Exploits 0 · References 27