136 matches found
SUSE-RU-2024:1829-1 Recommended update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-aigen, python-aliyun-python-sdk-aimiaobi, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-airticketopen, python-aliyun-python-sdk-alb, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alikafka, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amptest, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-antiddos-public, python-aliyun-python-sdk-apds
This update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification,...
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...
CVE-2024-34072
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...
CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...
CVE-2024-34072
Summary (CVE-2024-34072): The sagemaker-python-sdk's sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 is vulnerable to unsafe deserialization of untrusted pickled numpy object arrays. This can enable a local attacker to achieve remote code execution, denial of service, and i...
CVE-2024-34073 Command Injection in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...
CVE-2024-34073
The CVE concerns the sagemaker-python-sdk, where the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils allows potentially unsafe OS command injection if a malicious requirements_path is passed. This could enable remote code execution, denial of service, and co...
SageMaker Python SDK security vulnerability
SageMaker Python SDK is an open source library from Amazon Web Services. It is used for training and deploying machine learning models on Amazon SageMaker. A security vulnerability exists in the SageMaker Python SDK prior to version 2.214.3, which stems from a command injection...
Malicious code in tencent-cloud-python-sdk (PyPI)
Source: google-open-source-security bf236cca18e4d157a57cd3de7abed8ad967103c42b9ae53f5026174af46b64a4 Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...
MAL-2023-8370 Malicious code in tencent-cloud-python-sdk (PyPI)
Source: google-open-source-security bf236cca18e4d157a57cd3de7abed8ad967103c42b9ae53f5026174af46b64a4 Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...
Planet SDK for Python security vulnerability
Planet SDK for Python is an open source application from Planet Labs. It provides a Python API and a command line interface (CLI) for using the Planet API. A security vulnerability exists in Planet SDK for Python versions prior to 2.0.1, which stems from a vulnerability that allows unauthorized users...
GHSA-29PR-6JR8-Q5JM Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Impact: When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookie values, including the session cookie, to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...
PYSEC-2021-862
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in the...
OPENSUSE-SU-2021:2817-1 Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
This patch updates the Python AWS SDK stack in SLE 15: General: aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all change...
RHEL 7 : Red Hat Virtualization (RHSA-2020:4114)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4114 advisory. ovirt-ansible-repositories is an Ansible role used to set up the repositories required for oVirt engine or host installation. The openvswitc...
Moderate: Red Hat Security Advisory: Red Hat Virtualization security and bug fix update
An update for openvswitch2.11, ovirt-ansible-repositories, ovn2.11, and python-ovirt-engine-sdk4 is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of...
Security Bulletin: Security vulnerability affects IBM Cloud Object Storage SDK Python (January 2020 Bulletin)
Summary: Security vulnerability affects IBM Cloud Object Storage SDK Python. The vulnerability has been addressed in the latest SDK 2.6.0 release. Vulnerability Details: CVE-ID: CVE-2019-18874. Description: psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcoun...