771 matches found
CVE-2023-35932
CVE-2023-35932 (jcvi) : The jcvi Python library is vulnerable to a configuration injection via unsanitized user input that reaches the configuration file (notably ~/.jcvirc). The issue centers on the code path in jcvi/apps/base.py where a user-provided value is stored as a path for binaries; unde...
CVE-2023-35932 jcvi vulnerable to Configuration Injection due to unsanitized user input
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...
jcvi command injection vulnerability
jcvi is a Python library. A command injection vulnerability exists in jcvi 1.3.5 and earlier versions, which stems from allowing an attacker to perform command injection by constructing a payload...
CVE-2023-34239
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict what URLs are proxied. These issues have been addressed in...
Design/Logic Flaw
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict what URLs are proxied. These issues have been addressed in...
PYSEC-2023-90
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict what URLs are proxied. These issues have been addressed in...
Exploit for Code Injection in Reportlab
CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY tl...
Exploit for OS Command Injection in Zyxel Atp100_Firmware
CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...
Fedora: Security Advisory for python-cairosvg (FEDORA-2023-ab86bdbce6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2023-1678136626 python: Fix of CVE-2023-24329
CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...
[SECURITY] [DLA 3331-2] python-cryptography security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3331-2 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 27, 2023 https://wiki.debian.org/LTS -...
Malicious code in libpushhttpget (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 35c9d6a7fed6e993876def2d1dfeb1b9ebfb8a851937b88de185bbe84a9e67d6 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-libcccandy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f1d7cca77c2c5f6a1a5a19a16321ecd40dd87e161c9f932a0ea15da705db0099 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
CVE-2023-25823
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
CVE-2023-25823 Gradio contains Use of Hard-coded Credentials
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
Moodle 3.10.x < 3.10.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...
Moodle 4.0.x < 4.0.1 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) vulnerability in ID numbers displayed when bulk...
Moodle 3.9.x < 3.9.11 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...